Security Lead (DevOps/SRE)

We are looking for a Security Lead with a strong DevOps/SRE background to build and lead our security practice while remaining hands-on across cloud infrastructure, CI/CD, and production reliability. As a Security Lead, you will own the security strategy across the SDLC and production environment, embed security into developer workflows, lead vulnerability management and penetration testing with external vendors, and work closely with our Platform/DevOps/SRE team to ensure PetroApp's systems are both secure and reliable.

Requirements

• 5+ years of experience across DevOps/SRE/Platform Engineering and application/infrastructure security
• Proven experience leading or owning security in a cloud-native, product-focused company
• Strong DevOps/SRE background: operating production workloads, on-call experience, CI/CD ownership, automation, and infrastructure-as-code
• Deep understanding of cloud security fundamentals (AWS/GCP): IAM, networking, encryption, logging, monitoring
• Hands-on experience integrating security tooling into CI/CD pipelines (SAST, DAST, dependency scanning, container/IaC scanning)
• Solid Linux and networking fundamentals; comfortable debugging complex production and security issues
• Experience with containers and orchestration (Docker/Kubernetes) and securing them in production
• Practical knowledge of OWASP Top 10, common attack vectors, and secure coding principles
• Experience managing penetration tests and/or security assessments, including scoping, coordination, and remediation follow-up
• Excellent communication and stakeholder management skills—able to influence and drive change without blocking delivery

Benefits

• Generous Paid Time Off
• 401k Matching
• Retirement Plan
• Four Day Work Week
• Generous Parental Leave
• Tuition Reimbursement
• Relocation Assistance