Senior DevSecOps Engineer

[ABOUT ISTARI DIGITAL]

Istari is a digital engineering software company enabling our customers to turn the physical world into the digital to accomplish their specific mission or business objectives.

Istari was founded with the vision of making open, scalable digital engineering ecosystems a reality – where new technologies and systems are created digitally, free from the real-world constraints of costs and schedules. We are creating the world’s best engineering model sharing platform, allowing our customers to simply and securely integrate their models across different engineering disciplines, organizations, and security levels.

At Istari, we are passionate about our mission of creating the world's first open and scalable industrial metaverse. Whether our customers are designing prototypes, performing virtual testing, or training AI and autonomy for complex systems, we know that going digital will save them time, resources, and reduce their environmental impact.  

While we are a distributed team with most team-members working remotely, we place an emphasis on staying connected and collaborative, prioritizing in-person opportunities to build trust as a team. At Istari, we still believe that trust is best built in-person. To do this, we have an engineering headquarters in Cambridge, MA for focused technical development and several times per year we gather for an off-site that allows us to develop our professional skills and our team relationships.

[VALUES]

At Istari, we live by our values, which include:

- Focus is rewarded. Finish is remembered. 

- Facts are friendly. Even when they are not fun.

- Fellowship is fundamental. Make others successful.

Equal Opportunity

Istari is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.

We are seeking a Senior DevSecOps Engineer to join our Engineering team. This role is critical to securing, hardening, and scaling the infrastructure that powers our platform across cloud-hosted production environments.

This engineer will work closely with platform, infrastructure, and security stakeholders to improve the security and operational maturity of our AWS and Kubernetes environments, support compliance and audit readiness, and help ensure our systems are reliable, secure, and maintainable as we grow. This role will also support environments serving regulated and security-sensitive customer needs, including an environment we host for a Government organization.

The ideal candidate combines strong hands-on infrastructure expertise with sound security judgment and a practical, execution-focused mindset. They should be comfortable working across cloud infrastructure, Kubernetes, operating systems, compliance controls, and production operations.

Core Responsibilities

Responsibilities include collaborating with the platform and engineering teams to secure and improve production infrastructure, harden cloud and host configurations, and build repeatable operational practices across environments. Key responsibilities include:

• Design, implement, and maintain secure, scalable infrastructure in AWS

• Manage, secure, and improve Kubernetes-based environments, including production workloads

• Build and maintain infrastructure as code using Terraform

• Harden production systems across cloud, compute, container, identity, and network layers

• Develop and maintain secure baseline configurations for infrastructure and platform services

• Support vulnerability management, patching, remediation, and configuration compliance efforts across environments

• Configure, administer, and patch both Linux and Windows VMs

• Support identity and access management practices, including least privilege, role design, and privileged access controls

• Contribute to administration and integration of Active Directory domains where needed

• Partner with engineering teams to improve security within CI/CD pipelines, deployment workflows, and operational processes

• Support compliance initiatives, audits, evidence collection, and technical control validation

• Develop and maintain documentation, operational runbooks, technical standards, and playbooks

• Monitor, troubleshoot, and resolve complex infrastructure and security issues with clear and timely communication

• Participate in incident response and post-incident analysis when infrastructure or platform issues arise

• Stay current on cloud, infrastructure, and security best practices that can improve platform resilience and delivery

Required Qualifications

• Minimum of 5 years of experience in DevOps, DevSecOps, Infrastructure Engineering, Platform Engineering, or Security Engineering

• Strong hands-on experience with AWS in production environments

• Proven experience with Kubernetes, preferably in production

• Strong experience with Terraform and infrastructure-as-code practices

• Experience hardening production environments and implementing secure configuration standards

• Experience supporting compliance frameworks, audit preparation, evidence gathering, and control validation

• Experience with vulnerability remediation, system patching, and operational security practices

• Experience configuring and maintaining both Linux and Windows virtual machines

• Strong understanding of IAM, secrets management, network security, logging, monitoring, and operational controls

• Proven experience improving or securing CI/CD pipelines and deployment workflows

• Excellent troubleshooting and problem-solving skills in complex production environments

• Strong communication skills with the ability to explain technical concepts to both technical and non-technical stakeholders

• Must live/work in the U.S.

Preferred Qualifications

• Experience supporting environments with regulated, compliance-driven, or security-sensitive requirements

• Familiarity with compliance or security frameworks such as SOC 2, NIST, ISO 27001, CMMC, or similar

• Experience with EKS or other managed Kubernetes platforms

• Experience configuring or supporting Active Directory Domain Services, Group Policy, or hybrid identity environments

• Experience with automation and configuration management tools such as Ansible, PowerShell, or similar

• Experience with PostgreSQL, cloud storage platforms, and production networking patterns

• Scripting experience in Python, Bash, or PowerShell

• Experience with security tooling related to container security, vulnerability management, or policy enforcement

• Experience supporting customer-facing or mission-critical production infrastructure

• Security+ Certification

• Top Secret Security Clearance

$135,000 - $220,000 a year

BENEFITS

We offer highly competitive benefits, including:

Health and Family

- Medical/Dental/Vision

- Employee Premiums are 100% Company Paid

- Life Insurance

- Flexible Work Hours 

- Unlimited Paid Time Off (PTO) with federal government holidays

Financial

- Competitive Compensation 

- 401k 

- Company Stock Options

- Home Office Setup Budget

Learning

- Reimbursement for approved trainings and subscriptions

- Conferences (travel, lodging, and fees)

Note - some benefits are not available to interns or contractors.

Thank you for your interest in Istari. Expect to hear back from us soon with next steps.

We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.