The DevSecOps Engineer will integrate security practices into the CI/CD pipeline, conduct security audits, and automate security tasks to ensure compliance with industry standards.
Roadie, a UPS company, is a leading logistics and delivery platform that helps businesses tackle the complexities of modern retail with unmatched delivery coverage, flexibility and visibility. Reaching 97% of U.S. households across more than 30,000 zip codes — from urban hubs to rural communities — Roadie provides seamless, scalable solutions that meet a variety of delivery needs.
With a network of more than 310,000 independent drivers nationwide, Roadie offers flexible delivery solutions that make complex logistics challenges easy, including solutions for local same-day delivery, delivery of big and bulky items, ship-from-store and DC-to-door. For more information, visit www.roadie.com.
We are looking for a DevSecOps Engineer that will be responsible for supporting and implementing all aspects of secure SDLC, including patching vulnerabilities in libraries, code, and conducting security audits. You will work closely with our development, operations, and security teams to ensure that our cloud infrastructure and Kubernetes deployments are secure, scalable, and efficient. Your primary responsibility will be to integrate security practices into the CI/CD pipeline, automate security tasks, and ensure compliance with industry standards.
What You’ll Do
- Work cross-functionally with the InfoSec, SRE, and Engineering teams
- Keep up to date with current vulnerabilities in the DevOps space, patch, mitigate, or procure acceptance of the vulnerability by InfoSec standards
- Check code and repositories for insecure coding practices and work with Engineering teams to remediate
- Work closely with InfoSec to create and maintain Secure SDLC training
- Conduct security based quality assurance on pre-deployment packages, and seek approval or denial of those deployments based upon security findings
- Conduct security based quality assurance such as dynamic and static code testing
- Work closely with Compliance and Engineering teams to conduct pre-project risk assessments
- Implement security checks and practices within CI/CD pipelines to ensure secure code deployment and infrastructure
- Develop automation scripts and tools to streamline security processes, including vulnerability scanning, patch management, and incident response
- Conduct security training and awareness programs for engineering teams to promote a security-first culture
What You Bring
- Bachelor's Degree in Computer Science/Engineering, or related work experience
- 3+ years development experience in an enterprise environment
- 2+ years security, risk, or compliance experience
- Strong knowledge of security tools and best practices, including vulnerability scanning (e.g., Nessus, Qualys), SAST/DAST, and container security tools
- Proficiency with scripting and automation languages, especially IaC such as Terraform, Crossplane, etc
- Experience with various development methodologies, tools, and CI/CD tools such as Bitbucket, Gitlab, Github, Circle CI, Travis CI, Argo CD, Azure DevOps
- Security and DevOps certifications strongly preferred
Why Roadie?
- Competitive compensation packages
- 100% covered health insurance premiums for yourself
- 401k with company match
- Tuition and student loan repayment assistance (that’s right - Roadie will contribute directly to your existing student loans!)
- Flexible work schedule with unlimited PTO
- Monthly 3-day weekends
- Monthly WFH stipend
- Paid sabbatical leave - tenured team members are given time to rest, relax, and explore
- The technology you need to get the job done
Similar Jobs
Computer Vision • Software
Join the CMS BDAMAX team to embed security into CI/CD and infrastructure, manage Terraform-based provisioning, integrate vulnerability findings into remediation workflows, support audit readiness and incident response, and enforce secure governance for AI platforms across a regulated federal environment.
Top Skills:
Amazon BedrockArgo WorkflowsAWSAws Security HubAws VpcCursorEc2EcsEksFargateFedrampFismaGeminiGithub CopilotJenkinsKubernetesRds Aurora PostgresqlRoute 53S3Secrets ManagerTerraform
Agency • Information Technology
Lead and mentor DevSecOps efforts across cloud environments: implement vulnerability scanning/remediation, certificate and key management, IAM, security monitoring analytics, automate secure CI/CD pipelines using IaC and tooling, and embed security into development lifecycle.
Top Skills:
Amazon AwsAnsibleApi SecurityAtlassian BitbucketBashCertificate ManagementContainer SecurityDigital.AiDynatraceElasticGCPGitlabGitlab CiGoogle KmsHashi VaultIacIbm GuardiumLinuxAzureNmapPacPrisma CloudPrisma ComputePrisma ScanningPythonTenableTerraformThalys Database ProtectionVenafiVulnerability Scanning
Healthtech • Information Technology
Lead platform security across AWS/EKS: harden supply chain, secrets, IAM, container integrity; build policy-as-code, compliance automation (HITRUST/SOC2), CI/CD security, and operationalize platform security controls while contributing hands-on to infrastructure, observability, and on-call support.
Top Skills:
ArgocdAtlantisAWSCrossplaneDockerEksGithub ActionsGoGrafanaHclHelmHitrustInfluxdbKafkaKarpenterKedaKubernetesKyvernoMimirNode.jsPostgresPrometheusPythonRedisSoc 2Sumo LogicTerraformTypescriptVantaVeleroVpa
What you need to know about the NYC Tech Scene
As the undisputed financial capital of the world, New York City is an epicenter of startup funding activity. The city has a thriving fintech scene and is a major player in verticals ranging from AI to biotech, cybersecurity and digital media. It also has universities like NYU, Columbia and Cornell Tech attracting students and researchers from across the globe, providing the ecosystem with a constant influx of world-class talent. And its East Coast location and three international airports make it a perfect spot for European companies establishing a foothold in the United States.
Key Facts About NYC Tech
- Number of Tech Workers: 549,200; 6% of overall workforce (2024 CompTIA survey)
- Major Tech Employers: Capgemini, Bloomberg, IBM, Spotify
- Key Industries: Artificial intelligence, Fintech
- Funding Landscape: $25.5 billion in venture capital funding in 2024 (Pitchbook)
- Notable Investors: Greycroft, Thrive Capital, Union Square Ventures, FirstMark Capital, Tiger Global Management, Tribeca Venture Partners, Insight Partners, Two Sigma Ventures
- Research Centers and Universities: Columbia University, New York University, Fordham University, CUNY, AI Now Institute, Flatiron Institute, C.N. Yang Institute for Theoretical Physics, NASA Space Radiation Laboratory
