• Design and architect the DevSecOps platforms to meet the organization's scalability, performance, and security requirements. • Conduct technology evaluations and re-engineering activities to support strategy definition and continuous improvement activities. • Integrate and manage a suite of DevSecOps tools, including source code repositories, continuous integration/continuous deployment (CI/CD) pipelines, automated testing, and security scanning tools. • Implement automated Key Performance Indicators (KPIs) to measure and report DevSecOps platform utilization against agreed SDLC standards to provide DevOps maturity and Security posture. • Establish and enforce DevSecOps policies, standards, and best practices to ensure compliance with industry regulations and organizational security policies. • Lead and mentor a team of DevSecOps engineers globally, providing technical guidance, training, and support to foster a culture of continuous learning and improvement. • Collaborate with cross-functional teams, including developers, operations, security, and business stakeholders, to promote collaboration and alignment across the organization. • Monitor the DevSecOps platform for security incidents and anomalies, and lead incident response efforts to mitigate risks and ensure the integrity of the platforms.

• Prepare and install solutions by determining and designing system specifications, standards, and programming • Improve operations by conducting systems analysis and recommending changes in policies and procedures • Provide day-to-day technical leadership; leverage professional experience to recommend best practices, systems, and architectures • Design, build, and maintain efficient, robust, scalable CI/CD pipelines and automated workflows for software delivery, integration, and testing • Provide leadership in establishing best practices for DevOps, configuration management, and pipeline automation • Participate in requirements refinement, architecture discussions, design specification reviews, and test plan development for features across the full stack • Write clean, maintainable code and documentation using engineering best practices • Write unit, component, and integration tests • Develop, implement, and manage automated build, test, and deployment pipelines using tools such as Terraform, Cloud Formation, Github workflows, GitHub Actions, Jfrog Artifactory or similar tools • Collaborate with development, QA, and operations teams to ensure end-to-end pipeline reliability and performance • Monitor, troubleshoot, and optimize pipeline processes; implement metrics and reporting for pipeline health • Integrate tools for automated code quality checks, security scanning, and continuous integration • Evaluate and adopt new technologies for pipeline automation and DevOps practices • Ensure compliance with regulatory and security standards within the build/deployment pipeline • Guide teams in source control management (e.g., branching strategies, Git workflows) • Support onboarding and training for pipeline usage and best practices across engineering functions

• Collaborate with teams to implement and maintain Bazel build systems. • Optimize build processes and improve overall build efficiency. • Ensure adherence to best practices in software development and deployment.

About Wyllo Wyllo is a CX-first, end-to-end risk intelligence platform that helps ecommerce merchants manage fraud, policy abuse, and customer experience across the entire commerce lifecycle. By combining identity signals with behavioral intelligence, Wyllo enables merchants to better understand shopper intent and make smarter decisions across checkout, returns, refunds, and customer support. Wyllo works with leading ecommerce brands and integrates directly into the platforms where merchants manage orders and customer interactions. Learn more at www.wyllo.ai About the Role As Senior DevSecOps hire, you'll architect security into every layer of our AWS infrastructure while maintaining the velocity that makes us successful. You'll own our compliance automation strategy for PCI DSS and SOC2, secure our machine learning models from adversarial attacks, and build the security foundation for our next phase of growth. You will Security Architecture & Automation (45%) - Lead design and implementation of enterprise-grade security controls across AWS infrastructure (EC2, ECS, Kubernetes) - Architect automated security scanning into CI/CD pipelines (Jenkins, GitHub Actions, Harness) - Design and implement policy-as-code for Terraform infrastructure using Spacelift - Lead container security strategy including scanning, hardening, and runtime protection (CrowdStrike) - Mentor team members on security best practices and secure architecture patterns - Define security roadmap and drive strategic security initiatives Compliance & Risk Management (25%) - Lead PCI DSS and SOC2 compliance automation and evidence collection strategy - Design and maintain continuous compliance monitoring with automated controls - Conduct comprehensive security assessments and advanced vulnerability management - Create security documentation, runbooks, and compliance artifacts - Serve as technical liaison for security audits and assessments Incident Response & Monitoring (20%) - Architect and optimize AWS security services (GuardDuty, Security Hub, Inspector) - Design advanced security monitoring with Datadog SIEM integration - Lead incident response procedures and conduct post-mortems - Implement intelligent automated remediation workflows - Establish security metrics and reporting dashboards Developer Enablement (10%) - Build self-service security tools and guardrails for development teams - Conduct security training and establish security champions program - Implement frictionless security controls that enable velocity - Drive security culture across the engineering organization You have Technical Skills - 6+ years securing production AWS environments with deep expertise in IAM, VPC architecture, and AWS security services - 5+ years mastering Infrastructure as Code with advanced Terraform patterns and security best practices - Expert-level Python and Bash scripting for complex security automation - 3+ years hands-on container security (Docker hardening, multi-stage builds, ECS/EKS security) - Proven experience integrating security into CI/CD pipelines at scale - Deep knowledge of PCI DSS and SOC2 with hands-on compliance implementation experience - Experience with security scanning tools (Snyk, Trivy, tfsec, Tenable) and secrets management (Doppler, AWS Secrets Manager) Mindset & Approach - Automation-first mentality with demonstrated track record of eliminating toil and manual processes - Strategic balance between security rigor and business velocity - Excellent communication skills for working with developers, leadership, auditors, and external stakeholders - Experience working in high-performance, fast-moving startup environments Working at Wyllo We’re a high-performing team that is passionate about fraud and a community driven by values that shape everything we do. We seek passionate and dedicated individuals who align with our core principles; Integrity, Pride, Humility and Impact. - ​​Integrity: We do the right thing, even when it’s tough, and even if no one sees it. We always consider the customer’s best interest in every decision we make. - Pride: We know that the work we do is important, and we take great pride in doing it well. We show up every day with the best intentions, ready to deliver superb outcomes for our team, our customers, and ourselves. - Humility: We leave our egos at the door, approaching problems as a team, with openness and collaboration. We’re willing to be wrong in order to get things right. - Impact: We are results-oriented, we take ownership, and we hold ourselves accountable to get things done and deliver results. If you are excited to collaborate in a fast-paced, purpose-driven environment where your contributions truly matter, we’d love to have you join us! Equal Employment Opportunity Wyllo LLC provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics, sexual orientation, political affiliation, military veteran status, domestic violence victim status, or any other protected characteristic under applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.