Senior DevSecOps Engineer
Klarity · San Francisco, CA · 1 mo ago
On-siteEngineering$220k–$280k/yrFull-time
About the role
We're looking for a Senior DevSecOps Engineer to own and evolve Klarity's cloud infrastructure, security posture, and deployment operations. This is a foundational, hands-on role where you'll architect multi-tenant and single-tenant deployment models, harden our security and compliance surface, automate everything that can be automated using state-of-the-art AI, and ensure our platform can scale reliably as we cater to hundreds of enterprise customers.
Responsibilities
- Own and evolve Klarity’s cloud infrastructure – Design, build, and operate Klarity’s cloud infrastructure that powers everything our customers use. You’ll own the full stack: networking, compute, storage, container orchestration, databases, message queues, and deployment architecture.
- Architect multi-tenant and single-tenant deployment models – Design and implement the infrastructure patterns that let Klarity serve customers across multiple deployment topologies: shared multi-tenant SaaS, fully isolated single-tenant environments on Klarity’s cloud, hybrid architectures with separated control and data planes, and single-tenant deployments on a customer’s own cloud provider. You’ll build the automation and tooling that makes spinning up a new tenant environment fast, repeatable, and secure.
- Harden security and build compliance infrastructure – Implement defense-in-depth security across the entire platform: secrets management, IAM policies, network segmentation, container hardening, vulnerability scanning, SAST/DAST in CI/CD, runtime threat detection, and comprehensive audit logging. Build the controls and evidence collection systems that let Klarity achieve and maintain SOC 2 and other industry-specific compliance certifications required by regulated customers.
- Build bulletproof CI/CD and deployment automation – Design and maintain CI/CD pipelines that make shipping safe, fast, and auditable. Implement progressive deployment strategies (blue-green, canary, feature flags), automated rollback, environment promotion workflows, and infrastructure-as-code practices that the entire engineering team can confidently use. Ensure that every deployment is traceable, reversible, and compliant.
- Ensure that every deployment is traceable, reversible, and compliant – Implement comprehensive monitoring, alerting, and observability across infrastructure and application layers. Build dashboards that give the team real-time visibility into system health, performance, and security posture. Design and document incident response playbooks, runbooks, and post-mortem processes. Establish SLOs and error budgets that align with enterprise customer expectations.
- Multiply your impact across the engineering team – You’ll be among the foundational infrastructure hires on the team. Build self-service tooling, clear documentation, and developer-friendly workflows that let every engineer ship with confidence. Partner with backend engineers to ensure application architecture aligns with infrastructure capabilities.
Requirements
- Infrastructure engineer with a security-first mindset – You design, build, and operate cloud infrastructure that is secure by default, not secured as an afterthought. You think in terms of blast radius, least privilege, and defense in depth. You’ve built and maintained production infrastructure on AWS (and ideally GCP or Azure) serving enterprise-grade workloads. You know how to make infrastructure reproducible, auditable, and self-healing. You’ve built CI/CD pipelines that teams actually trust, written infrastructure as code that other engineers can read and extend, and designed deployment workflows that make shipping safe and fast.
- You’ve worked across tenancy patterns – You’ve designed or operated platforms that serve multiple tenants with strong data isolation and can articulate the tradeoffs between shared infrastructure, siloed namespaces, and fully dedicated environments. You understand tenant isolation at every layer: network, compute, storage, and application. You’ve navigated the complexity of deploying the same application across multi-tenant SaaS, single-tenant dedicated, and hybrid (split control-plane / data-plane) topologies.
- Security engineer who thinks like an attacker – You proactively identify and close security gaps before they become incidents. You’ve implemented secrets management, vulnerability scanning, SAST/DAST pipelines, runtime threat detection, and incident response playbooks. You understand supply chain security, container hardening, and network segmentation at a deep level. You’ve been the person the team turns to when a security incident needs triaging at 2 AM.
- Well versed with compliance and governance – You’ve worked in environments that require SOC 2, ISO 27001, HIPAA, FedRAMP, or similar frameworks and you understand how to translate compliance requirements into engineering controls. You can build audit trails, access logs, and policy-as-code systems that satisfy auditors without slowing down developers. You’ve helped a company achieve or maintain at least one major compliance certification.
Qualifications
- 5+ years in infrastructure, DevOps, or platform engineering with strong security focus
Skills
- Experience with AWS, GCP, and/or Azure
- Knowledge of Kubernetes, Docker, and container orchestration
- Experience with CI/CD pipelines and infrastructure as code
- Strong understanding of security best practices and compliance standards
- Ability to work independently and collaboratively with cross-functional teams
Benefits
- Equity in addition to competitive cash compensation
- 100% Employer-Paid Medical, Dental & Vision options!
- Paid Parental Leave
- $500 Annual Learning Fund
- $100 Monthly Wellness Fund
- 401k via Betterment
- Relocation support to San Francisco Bay Area (where applicable)
- Office-related Perks: BART or Caltrain to the office, Parking & Transit account, Snack Central, Safe & Secure Bike Room, Onsite Gym Access