Senior DevSecOps Engineer
About Us
We’re a startup with big ambitions: to make estate planning modern, visual, and intelligent. Vanilla is the first AI-powered estate advisory platform, built by advisors, planners, and attorneys to transform how wealth is transferred across generations. Our technology unifies scenario modeling, client visualization, and document creation into one seamless, digital experience.
Our team brings together diverse subject matter expertise across estate planning, wealth management, and scaling SaaS startups. We’re distributed across the U.S., with a mix of fully remote and hybrid roles, and we embrace flexibility while staying closely connected. At Vanilla, you’ll join curious builders and problem-solvers who thrive on speed, autonomy, and impact.
Here, you won’t just join a company, you’ll help create it. If you’re excited to tackle hard problems, move quickly, and see your work shape both an industry and a growing startup, we’d love to meet you.
Working Location
This role is a remote position, you must be based out of one of the following states: Arizona, California, Colorado, Connecticut, Florida, Georgia, Idaho, Illinois, Kentucky, Maine, Massachusetts, Minnesota, New Jersey, New York, Ohio, Pennsylvania, Texas, Utah or Washington.
Job Summary
We’re looking for a Senior DevSecOps Engineer to own and operate our security tooling, manage key vendor relationships, and drive our application and cloud security programs forward. This is a hands-on, high-ownership role: you’ll be the day-to-day operator of our security stack, the point person for our vCISO engagement, and the engineer building the processes that keep Vanilla’s platform and infrastructure secure. You’ll also own the operational cadence of our security program: managing vendor-led pen tests, running tabletop exercises, maintaining our incident response playbook, and building a multi-quarter security roadmap.
This role is ideal for a strong DevOps or infrastructure engineer who is security-minded, eager to own a security program, and comfortable operating in a fast-moving Series B environment. You’ll report to the Director of Engineering and collaborate closely with our vCISO (Latacora) and external partners.
Responsibilities
Cloud & Infrastructure Security
Secure AWS infrastructure, systems, and networking
Review infrastructure-as-code (Terraform) changes for security implications
Support secrets management, IAM policy reviews, and encryption standards
Triage and respond to cross-team IT requests that carry security implications
Security Operations & Tooling
Operate and tune security tooling including SentinelOne (EDR), Sublime (email security), Panther (SIEM), and Cloudflare
Monitor and triage security alerts across dedicated channels
Serve as the primary responder for cross-team security requests
Vendor & Program Management
Manage the vCISO relationship, including coordinating on cloud security posture, endpoint coverage, and SOC 24x7 operations
Own the annual penetration test lifecycle: vendor selection, scoping, coordination, remediation tracking, and reporting
Scope and coordinate AI red team engagements
Run tabletop exercises and maintain the incident response playbook
Build and maintain a multi-quarter security roadmap in partnership with engineering leadership
Application Security
Own and evolve pre-deploy security gates across CI/CD pipelines
Run vulnerability management for libraries and application code: scanning, prioritization, and remediation workflows
Conduct threat modeling for new features, integrations, and architecture changes
Champion secure coding practices across engineering teams
AI Security
Scope and coordinate AI red team exercises against Vanilla’s AI-powered features
Assess security of AI/ML pipelines, inference endpoints, and third-party AI vendor integrations
Implement and maintain guardrails for AI outputs, including controls against prompt injection and data exfiltration
Establish data governance practices for sensitive training data (PII/PHI in estate and financial documents)
What This Role Is Not
This role is focused on infrastructure and security engineering, not compliance or customer trust. SOC 2, security questionnaires, and audit documentation sit elsewhere in the org.
Required Qualifications
Must Have
Hands-on AWS experience: infrastructure, networking, and cloud security posture
Experience with infrastructure-as-code (Terraform or CloudFormation)Strong understanding of IAM, network security, encryption, and secrets management
Hands-on vulnerability management experience: scanning, triage, remediation workflows
Experience with threat modeling, secure code review, and CI/CD security gating.
Strong scripting and automation skills (Python, Bash, or similar)
Nice to Have
Experience operating security tooling: EDR, SIEM, email security, WAF, or similar
Familiarity with SentinelOne, Sublime, Panther, or Cloudflare specifically
Prior incident response or tabletop exercise facilitation
Exposure to AI/ML security: LLM risks, securing inference endpoints, or data privacy in ML contexts
Experience in fintech, wealthtech, or other regulated industries
Familiarity with supply chain security
The salary range for this role is $180,000 to $210,000. Our compensation packages also include a performance-based bonus and equity. Compensation is based on a number of factors and may vary depending on job-related knowledge, skills, and experience.
Benefits:
Flexible paid time off policy and 10 company-wide paid holidays
Parental leave, 6 weeks for all full-time employees and up to 14 weeks for birthing parents
Medical, dental, and vision benefits coverage for employees and their families
401K eligibility after one month of employment
Free estate planning documents
Budget for learning & development and home office setup
Paid parking or transit for hybrid and in office employees
Vanilla Technologies Inc. (dba "Vanilla") provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.
Vanilla participates in E-Verify and will provide the federal government with your Form I-9 information to confirm that you are authorized to work in the U.S.