JOB DESCRIPTION Staff DevSecOps Engineer Counterpart believes in small businesses and is dedicated to helping them do more with less risk. By pairing leading insurance experts with cutting-edge technology, Counterpart empowers small business owners to grow with confidence. Exceptional underwriters, trusted insurance brokers, and prominent insurance carriers come together on the Counterpart platform to support small businesses by providing AI-driven management and professional liability underwriting and claims services. That’s where you come in… As a Staff Engineer, DevSecOps, you own Counterpart's security posture. Traditional security was designed for a human-to-system world. As we scale an increasingly agentic stack, that model breaks. Agents acting on behalf of humans introduce new attack surfaces, trust boundaries, and failure modes that require a fundamental redesign of how we think about security. You are the person who leads that redesign. You are the internal authority on security and compliance, own IT operations end-to-end, and you act as a hands-on member of the DevOps team building and securing our platform infrastructure. You build on our SOC 2 Type 2 and HIPAA foundations, extending them as the threat surface evolves. This role is the foundation of our in-house security function. AS A STAFF DEVSECOPS ENGINEER, YOU WILL: - Own the organization's security posture. Define, implement, and maintain the controls, policies, and practices that keep Counterpart secure across human and agentic interactions. - Own our SOC 2 Type 2 and HIPAA compliance programs. Manage and automate audits, maintain evidence, and extend our compliance posture as the business and the threat surface grow. - Stay ahead of emerging threats and regulations. Continuously evaluate our security posture against new attack vectors, including data poisoning, adversarial inputs, and agent hijacking. Track how AI security standards and regulatory requirements are evolving and get ahead of them before they become mandatory. - Own IT operations end-to-end, from onboarding to offboarding. Manage and automate device procurement and provisioning, access controls, identity management, and the internal tooling stack. - Own platform infrastructure security as a hands-on member of the DevOps team. - Build and maintain sandbox architecture that allows safe experimentation without risking production systems. - Design and implement secure environments for AI agent workloads, including trust boundaries, defenses against prompt injection, data exfiltration, and other unexpected behaviors. WE LOOK FOR TEAMMATES WHO HAVE: - 10+ years in DevSecOps, security engineering, or a combination of DevOps, security, and IT roles - Hands-on experience with cloud infrastructure and security on AWS - Experience owning or co-owning SOC 2 and HIPAA compliance programs, not just contributing to them - Experience managing IT operations, including device management, identity and access management, and internal tooling - A solid foundation in security frameworks and compliance standards, including hands-on familiarity with AI agent risks such as prompt injection, data poisoning, and adversarial inputs. You think proactively about how emerging AI security standards and regulations affect an insurance technology company deploying agents. - The ability to communicate security risks clearly to non-technical stakeholders and translate compliance requirements into engineering decisions - The drive to build a security function from the ground up and grow into owning it fully - Domain curiosity about insurance. You either understand how insurance works or you are genuinely motivated to learn. Security decisions are better when you understand the business they protect. - Experience working with distributed, remote teams. WHAT WE OFFER - Unlimited Vacation: We offer flexible time off, allowing you to take time when you need it. - Work from Anywhere: Counterpart is a fully distributed company, meaning there is no office. We allow employees to work from wherever they do their best work, and invite the team to meet in person a couple times per year. - Stock Options - Health, Dental, and Vision Coverage - 401(k) Retirement Plan - Parental Leave - Home Office Allowance: to set up your home office with the necessary equipment and accessories. - Book stipend - Professional Development Reimbursement - No working birthdays: Take your birthday off, giving you the opportunity to relax, enjoy your special day, and spend time with loved ones. - Charitable Contribution Matching COUNTERPART'S VALUES - Conjoin Expectations - it is the cornerstone of autonomy. Ensure you are aware of what is expected of you and clearly articulate what you expect of others. - Speak Boldly & Honestly - the only failure is not learning from mistakes. Don’t cheat yourself and your colleagues of the feedback needed when expectations aren’t being met. - Be Entrepreneurial - control your own destiny. Embrace action over perfection while navigating any obstacles that stand in the way of your ultimate goal. - Practice Omotenashi (“selfless hospitality”) - trust will follow. Consider every interaction with internal and external partners an opportunity to develop trust by going above and beyond what is expected. - Hold Nothing As Sacred - create routines but modify them routinely. Take the time to reflect on where the business is today, where it needs to go, and what you have to change in order to get there. - Prioritize Wellness - some things should never be sacrificed. We create an environment that stretches everyone to grow and improve, which is fulfilling, but is only one part of a meaningful life. Our estimated pay range for this role is $220,000 to $250,000. Base salary is determined by a variety of factors, including but not limited to, market data, location, internal equitability, and experience. We are committed to being a welcoming and inclusive workplace for everyone. We are intentional about making sure people feel respected, supported, and connected at work—regardless of who they are or where they come from. We value and celebrate our differences and believe being open about who we are allows us to do the best work. We are an Equal Opportunity Employer. We do not discriminate against qualified applicants or employees on the basis of race, color, religion, gender identity, sex, sexual preference, sexual identity, pregnancy, national origin, ancestry, citizenship, age, marital status, physical disability, mental disability, medical condition, military status, or any other characteristic protected by federal, state, or local law, rule, or regulation.

Description Keeper Security is hiring a Senior DevOps Program Manager to lead complex, cross-functional initiatives that shape and advance Keeper’s global cloud infrastructure, automation capabilities, and compliance posture. This role is ideal for a hands-on technical program leader who excels at bridging engineering execution with strategic planning. Keeper’s cybersecurity software is trusted by millions of people and thousands of organizations, globally. Keeper is published in 23 languages and is sold in over 150 countries. Join one of the fastest-growing cybersecurity companies and bring your IL5 DevOps expertise to mission-critical work. About Keeper Keeper Security is transforming cybersecurity for organizations globally with zero-trust privileged access management built with end-to-end encryption. Keeper’s cybersecurity solutions are FedRAMP and StateRAMP Authorized, SOC 2 compliant, FIPS 140-2 validated, as well as ISO 27001, 27017 and 27018 certified. Keeper deploys in minutes, not months, and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance. Trusted by millions of individuals and thousands of organizations, Keeper is the leader for password, passkey and secrets management, privileged access, secure remote access and encrypted messaging. Learn how our zero-trust and zero-knowledge solutions defend against cyber threats at KeeperSecurity.com. About the Job The Senior DevOps Program Manager will orchestrate large-scale cloud, automation, and infrastructure initiatives that span Engineering, Security, and Operations. This role is responsible for driving the execution of Keeper’s infrastructure roadmap, enabling modern DevOps practices, and ensuring that all programs align with zero-trust, zero-knowledge, and compliance-driven requirements. This position requires a blend of deep technical understanding and strong program leadership. You will manage cross-team dependencies, define program priorities, enhance CI/CD and automation workflows, strengthen observability practices, and ensure alignment with compliance frameworks including FedRAMP, SOC 2, and ISO 27001. Responsibilities - Lead end-to-end execution of complex DevOps and infrastructure programs, including cloud modernization, CI/CD optimization, automation, and security integrations - Partner with Engineering, Security, Compliance, and Product leadership to define program strategy, priorities, and success criteria - Oversee large-scale cloud initiatives across AWS and other platforms, ensuring scalability, cost efficiency, and operational resilience - Coordinate Infrastructure-as-Code (IaC) initiatives using Terraform and related automation tooling - Drive improvements across CI/CD pipelines (GitHub Actions, Jenkins, etc.) to reduce deployment friction and enhance reliability - Champion best practices in automated testing, security scanning, and release governance - Integrate compliance and security-by-design principles into all DevOps programs, ensuring alignment with FedRAMP, SOC 2, ISO 27001, and similar standards - Collaborate closely with security engineering and the CISO to ensure program-level compliance and audit readiness - Oversee observability, SRE, and monitoring initiatives to enhance system visibility, performance, and incident response - Define SLIs, SLOs, and error budgets in partnership with Engineering and Security teams - Serve as a cross-functional liaison, ensuring consistent communication, dependency tracking, and alignment across teams - Manage program timelines, risks, and stakeholder expectations across multiple initiatives - Work with Agile, Waterfall, or hybrid methodologies to ensure effective delivery depending on program needs - Identify and adopt emerging technologies that strengthen Keeper’s cloud, automation, and monitoring capabilities Requirements - Bachelor’s degree in Computer Science, Engineering, or a related technical field (Master’s preferred) - 8+ years of experience in DevOps, Cloud Infrastructure, or Site Reliability Engineering - 4+ years of technical program or project management experience in a SaaS, cloud-native, or cybersecurity environment - Proven experience with AWS cloud services (ECS, EKS, Lambda, RDS, S3, IAM, etc.) - Hands-on familiarity with Terraform, Docker, Kubernetes, and CI/CD tooling such as GitHub Actions or Jenkins - Strong understanding of automation, cloud security, and modern DevOps best practices - Demonstrated success managing cross-functional initiatives in high-security or compliance-driven environments - Experience with observability platforms (Datadog, Prometheus, Grafana) and incident management workflows - Excellent communication skills with the ability to guide stakeholders, influence decisions, and manage expectations Preferred Qualifications - AWS Certified DevOps Engineer or similar cloud certifications - Experience working within FedRAMP, DoD, or regulated government environments - Exposure to secrets management or privileged access management systems - Experience with DevSecOps automation and compliance-as-code tooling - PMP certification Benefits - Medical, Dental & Vision (inclusive of domestic partnerships) - Employer Paid Life Insurance & Employee/Spouse/Child Supplemental life - Voluntary Short/Long Term Disability Insurance - 401K (Roth/Traditional) - A generous PTO plan that celebrates your commitment and seniority (including paid Bereavement/Jury Duty, etc) - Above market annual bonuses Keeper Security, Inc. is an equal opportunity employer and participant in the U.S. Federal E-Verify program. We celebrate diversity and are committed to creating an inclusive environment for all employees. Classification: Exempt Keeper Candidate Privacy Notice This notice explains how Keeper Security processes your personal data during recruitment. Depending on the role and location, the Controller of personal data (the organization responsible for determining why and how personal data is processed) will be Keeper Security Inc. (US), Keeper Security EMEA Ltd. (Ireland), or Keeper Security APAC K.K (Japan). 1. Data We Collect Information You provide: - Contact details, CV/resume, cover letter - Employment history, qualifications, work eligibility - Application responses and uploaded documents Information We generate: - Interview notes, assessments, communications - Scheduling information Information From Others: - Recruiter/referral information who submit your profile - References (with your consent, before final offer) - Public professional profiles - Background verification (post offer) Voluntary Diversity and Equal Opportunity Information - We may ask you to voluntarily provide diversity information including race/ethnicity, gender, disability status and veteran status (US). Providing this information is optional and Keeper collects this data in order to comply with EEOC and similar requirements 2. How We Use Your Data - Assess your application and suitability - Manage interviews and recruitment workflow - Consider you for other/future roles (we may seek your consent to keep your information on our systems beyond the retention period specified) - Comply with employment law obligations 3. Legal Basis - Legitimate Interests (recruitment management, security and integrity of the hiring process) - Contracting steps (for progressed candidates) - Legal and regulatory compliance obligations; explicit consent where required 4. Who We Share Information With Internal: - HR, hiring managers, interviewers*, IT support for system administration *Note - diversity and equal opportunity data is not shared with hiring managers. Third Parties: Service providers who assist with: - Applicant tracking, recruitment systems and assessment providers - Background verification vendors (post offer) - Recruitment agencies (where applicable) - Tools to support communication, collaboration and to securely store your data Keeper ensures that all our third parties are contractually bound to protect your personal data with adequate safeguards in place. 5. International Transfers Your data may be accessed by Keeper entities globally as needed for the purposes of hiring and decision making. We protect any such data transfer between Keeper entities using appropriate safeguards under applicable data protection laws. 6. Security We implement appropriate technical and organizational measures to protect your data, consistent with our industry leading security standards. 7. Retention We keep your data for 24 months from your last application activity, then delete or anonymize it. Exceptions: - You opt into our talent database for further retention by providing consent (extended retention) - You're hired (transfers to employee records) 8. Your Rights You have the following rights and can contact us at the email below to exercise them: - Access, correct, or delete your data, subject to applicable law and retention requirements - Object to or restrict processing - Withdraw consent (where applicable) - Request data portability - Lodge a complaint with your data protection authority If you become an employee, your rights regarding your employee record are governed by our internal Employee Privacy Notice and certain data will be retained as required under relevant laws such as employment or tax law. When you request access to your personal data, some information may be redacted if it includes the personal data of other individuals or information that we must protect in order to preserve their privacy rights. 9. Automated Decisions Keeper does not make hiring decisions using solely automated processing. 10. Contact - Candidates can send privacy questions to: privacy@keepersecurity.com

• Own the organization's security posture. Define, implement, and maintain the controls, policies, and practices that keep Counterpart secure across human and agentic interactions. • Own our SOC 2 Type 2 and HIPAA compliance programs. Manage and automate audits, maintain evidence, and extend our compliance posture as the business and the threat surface grow. • Stay ahead of emerging threats and regulations. Continuously evaluate our security posture against new attack vectors, including data poisoning, adversarial inputs, and agent hijacking. Track how AI security standards and regulatory requirements are evolving and get ahead of them before they become mandatory. • Own IT operations end-to-end, from onboarding to offboarding. Manage and automate device procurement and provisioning, access controls, identity management, and the internal tooling stack. • Own platform infrastructure security as a hands-on member of the DevOps team. • Build and maintain sandbox architecture that allows safe experimentation without risking production systems. • Design and implement secure environments for AI agent workloads, including trust boundaries, defenses against prompt injection, data exfiltration, and other unexpected behaviors.

Description ICF is a mission-driven company filled with people who care deeply about improving the lives of others and making the world a better place. Our core values include Embracing Difference; we seek candidates who are passionate about building a culture that encourages, embraces, and hires dimensions of difference. Our Health Engineering Solutions (HES) team works side by side with customers to articulate a vision for success, and then make it happen. We know success doesn't happen by accident. It takes the right team of people, working together on the right solutions for the customer. We are looking for a seasoned SRE to establish a culture of improvement in observability and reliability. You will work closely with software engineering teams to ensure that applications, databases, pipelines and APIs run reliably. You will be expected to create, set, and exceed service level objectives as key indicators of application health. You will be working on a mission critical software program whose goal is to support the ecosystem of Centers for Medicare & Medicaid Services (CMS). Our core work hours are 10am - 4pm Eastern Time with the option to start earlier or work later depending on your time zone. Key Responsibilities: - Define and maintain SLIs, SLOs, and SLAs for the Internet-based Quality Improvement and Evaluation System (iQIES) application. - Performance tuning that will model load scenarios, forecasting capacity, and optimize scaling strategies - Design and optimize the observability stack through New Relic, CloudWatch, and Jenkins CI/CD pipelines - Participate in root cause analysis for operational issues and improve incident response process - Participate in creating, monitoring, and optimizing actionable alerts to respond to issues in a timely manner - Develop tools and scripts - Develop and maintain Jenkins CI/CD pipelines, using declarative Jenkinsfiles and foundational Groovy for pipeline logic and enhancements - Deploy services to Fargate, EKS, Lambda, Airflow, Databases - Manage security groups and access controls. Thoroughly understand fundamentals like security groups, IAM, managing RDS - Apply patch management and hardening practices - Align with DevOps and Technical Leads to ensure overall strategy - Actively participate in releases and product launches with expectation of being online during release windows Required Qualifications - 5+ years experience in a software development environment and a Bachelor’s degree; OR 3+ years experience in a software development environment and a Master’s degree - 5+ years supporting a high‑availability production environment (cloud or on‑prem) - 3+ years of working in a SRE role in a large scale cloud implementing high availability and scalability - 3+ years of experience focused on SRE, DevOps, or Platform Engineering - Must be able to obtain and maintain a public trust clearance - Candidate must reside in the US, be authorized to work in the US, and work must be performed in the US - Must have lived in the US 3 full years out of the last 5 years Preferred Qualifications - Previous work in a regulated healthcare or federal agency environment - Full stack web development experience - Expert in deployment techniques to minimize down-time like Blue-Green, Canary, A/B testing approaches, and zero downtime deployments - Understanding of security groups and access controls - Experience with Atlassian tooling such as Jira and Confluence  Professional Skills and Tools: - Cloud platform experience with AWS - Observability: CloudWatch, New Relic or similar - Infrastructure: Kubernetes, Docker - IaC: Terraform - CI/CD: Git, Jenkins or GitHub Actions - Database: SQL relational database - Docker: Thorough understanding of Docker and Docker Compose. Understand best practices, caching, volume mounts, etc - Highly effective analytical, problem-solving, and decision-making capabilities. - Strong written and verbal communication skills  - Ability to clearly articulate and communicate complex technical ideas to non-SRE colleagues.  - Ability to understand project requirements and be innovative in finding solutions in highly regulated government environments.  - Flexibility and the ability to accept a change in priorities as necessary.  - Demonstrated time management skills.  - Strong organizational skills with attention to detail.  Job Location: This position requires that the job be performed in the United States. If you accept this position, you should note that ICF does monitor employee work locations and blocks access from foreign locations/foreign IP addresses, and also prohibits personal VPN connections. Working at ICF ICF is a global advisory and technology services provider, but we’re not your typical consultants. We combine unmatched expertise with cutting-edge technology to help clients solve their most complex challenges, navigate change, and shape the future. We can only solve the world's toughest challenges by building a workplace that allows everyone to thrive. We are an equal opportunity employer. Together, our employees are empowered to share their expertise and collaborate with others to achieve personal and professional goals. For more information, please read our EEO policy. We will consider for employment qualified applicants with arrest and conviction records. Reasonable Accommodations are available, including, but not limited to, for disabled veterans, individuals with disabilities, and individuals with sincerely held religious beliefs, in all phases of the application and employment process. To request an accommodation, please email Candidateaccommodation@icf.com and we will be happy to assist. All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodations.  Read more about workplace discrimination rights or our benefit offerings which are included in the Transparency in (Benefits) Coverage Act. Candidate AI Usage Policy At ICF, we are committed to ensuring a fair interview process for all candidates based on their own skills and knowledge. As part of this commitment, the use of artificial intelligence (AI) tools to generate or assist with responses during interviews (whether in-person or virtual) is not permitted. This policy is in place to maintain the integrity and authenticity of the interview process.  However, we understand that some candidates may require accommodation that involves the use of AI. If such an accommodation is needed, candidates are instructed to contact us in advance at candidateaccommodation@icf.com. We are dedicated to providing the necessary support to ensure that all candidates have an equal opportunity to succeed.   Pay Range - There are multiple factors that are considered in determining final pay for a position, including, but not limited to, relevant work experience, skills, certifications and competencies that align to the specified role, geographic location, education and certifications as well as contract provisions regarding labor categories that are specific to the position. The pay range for this position based on full-time employment is: $108,476.00 - $184,409.00 Nationwide Remote Office (US99)