DevSecOps Engineer
About the Team
The Platform and Security team ensures that Typeform engineers can build, deploy, and operate services safely and efficiently.
As we scale into AI-powered products, our engineering velocity has increased significantly. New workloads—including model-serving, agent-based systems, and real-time data pipelines—introduce new security challenges that the current team lacks capacity or AI-specific expertise to manage.
This is where you come in: as our DevSecOps Engineer, you’ll embed security into the development lifecycle, enable high-velocity feature delivery, and ensure that new AI capabilities are safe, compliant, and resilient.
Things you will do:
Embed security into the software development lifecycle, enabling teams to ship features safely at high velocity.
Partner with engineering and AI teams to assess and mitigate security risks for new AI features, infrastructure, and pipelines.
Develop and maintain secure CI/CD pipelines, tooling, and automation to support rapid deployment.
Conduct threat modeling, vulnerability assessments, and code reviews for new services and AI workloads.
Advise on secure architecture patterns for infrastructure, agent systems, and model-serving environments.
Implement monitoring, alerting, and incident response practices for critical security events.
Define best practices, standards, and policies for secure feature delivery across engineering teams.
Act as the internal security advocate, balancing risk management with product velocity.
What you already bring to the table:
Several years of experience in DevSecOps, security engineering, or cloud security.
Deep understanding of security in distributed systems, cloud-native infrastructure, and CI/CD pipelines.
Knowledge of threat modeling, vulnerability assessment, and incident response practices.
Experience securing AI/ML workloads, model-serving pipelines, or agent-based systems (or a strong willingness to learn).
Familiarity with IaC, Kubernetes, and cloud platforms (AWS, GCP, Azure).
Strong collaborator able to influence engineering teams and embed security practices without slowing development.
Strong communication skills to explain complex security concepts to non-security teams.
Extra awesome:
Hands-on experience with AI security, model risk, or prompt injection mitigation.
Experience in high-velocity SaaS or PLG environments.
Contributions to open-source security tooling or frameworks.
Experience implementing automated security testing in CI/CD pipelines for both code and infrastructure.
DevSecOps Engineer
About the Team
The Platform and Security team ensures that Typeform engineers can build, deploy, and operate services safely and efficiently.
As we scale into AI-powered products, our engineering velocity has increased significantly. New workloads—including model-serving, agent-based systems, and real-time data pipelines—introduce new security challenges that the current team lacks capacity or AI-specific expertise to manage.
This is where you come in: as our DevSecOps Engineer, you’ll embed security into the development lifecycle, enable high-velocity feature delivery, and ensure that new AI capabilities are safe, compliant, and resilient.
Things you will do:
Embed security into the software development lifecycle, enabling teams to ship features safely at high velocity.
Partner with engineering and AI teams to assess and mitigate security risks for new AI features, infrastructure, and pipelines.
Develop and maintain secure CI/CD pipelines, tooling, and automation to support rapid deployment.
Conduct threat modeling, vulnerability assessments, and code reviews for new services and AI workloads.
Advise on secure architecture patterns for infrastructure, agent systems, and model-serving environments.
Implement monitoring, alerting, and incident response practices for critical security events.
Define best practices, standards, and policies for secure feature delivery across engineering teams.
Act as the internal security advocate, balancing risk management with product velocity.
What you already bring to the table:
Several years of experience in DevSecOps, security engineering, or cloud security.
Deep understanding of security in distributed systems, cloud-native infrastructure, and CI/CD pipelines.
Knowledge of threat modeling, vulnerability assessment, and incident response practices.
Experience securing AI/ML workloads, model-serving pipelines, or agent-based systems (or a strong willingness to learn).
Familiarity with IaC, Kubernetes, and cloud platforms (AWS, GCP, Azure).
Strong collaborator able to influence engineering teams and embed security practices without slowing development.
Strong communication skills to explain complex security concepts to non-security teams.
Extra awesome:
Hands-on experience with AI security, model risk, or prompt injection mitigation.
Experience in high-velocity SaaS or PLG environments.
Contributions to open-source security tooling or frameworks.
Experience implementing automated security testing in CI/CD pipelines for both code and infrastructure.