• Support the availability and durability of critical services across production environments. • Monitor service health using SLIs, SLOs, and error budgets, and escalate issues when thresholds are at risk. • Participate in on-call rotations, incident response, and post-incident reviews to drive service improvements. • Follow established ITIL/OSS processes (incident, change, problem, and capacity management). • Develop automation for common operational tasks, reducing manual intervention and toil. • Contribute to monitoring, logging, and alerting frameworks (e.g., Prometheus, Grafana, Catchpoint,ELK). • Work with CI/CD pipelines, configuration management, and infrastructure as code tools (Terraform, Ansible, Jenkins). • Write scripts (Bash, Python, Go, etc.) to improve system reliability and efficiency. • Partner with engineering, product, and operations teams to support resilient system design and operations. • Assist in capacity planning and disaster recovery exercises. • Work with vendors and service providers to troubleshoot service issues and track SLA performance. • Document systems, share learnings, and help grow a reliability-minded engineering culture. • Contribute to playbooks, runbooks, and operational documentation. • Identify recurring issues and propose long-term improvements. • Promote reliability-focused practices within development and operations teams.

• Fleet Management at Scale: Design, implement, and maintain robust and secure device management strategies for remote devices using Unified Endpoint Management (UEM), MDM solutions, and orchestration tools. • Reliability & Monitoring: Develop and manage observability pipelines to track device health, connectivity, and performance metrics across diverse warehouse environments. • OTA & Lifecycle Management: Own the end-to-end lifecycle of device software, including secure Over-the-Air (OTA) firmware updates, rollback strategies, and OS hardening. • Incident Response: Participate in on-call rotations to troubleshoot complex system failures, performing root cause analysis (RCA) to drive long-term reliability improvements. • Self-Healing Infrastructure: Develop automated remediation scripts that detect and fix common edge issues such as hung scanning processes or display driver freezes without manual intervention. • Zero-Touch Scalability: Architect and maintain remote provisioning and management workflows for a global fleet of Linux, iPads, and Android devices using secure remote management strategies. • Secure Remote Access: Implement and manage secure remote access protocols such as SSH, VPNs, and private APNs to enable out-of-band troubleshooting and real-time device control without physical site visits. • SLO/SLI Frameworks: Define and enforce Service Level Objectives (SLOs) and Service Level Indicators (SLIs) for device availability, connectivity, and peripheral performance. • Error Budget Management: Use error budgets to balance the pace of innovation with fleet reliability, ensuring data-driven decisions for feature releases versus stability fixes. • Security Governance: Align fleet operations with industry standards such as the NIST Cybersecurity Framework (CSF), ISO/IEC 27001, and CIS Controls. • Vulnerability Management: Drive continuous monitoring and automated patching schedules to mitigate risks and ensure regulatory compliance across all managed device platforms.

Role Description As the Staff DevSecOps Engineer, you will be the technical owner of how security is built into Trase's software development lifecycle and cloud operations. - Integrate automated security testing, continuous vulnerability management, and secure coding practices directly into existing CI/CD pipelines. - Own the implementation of Trase's dedicated security architecture, delivering shift-left tooling (SAST, DAST, SCA, secrets scanning, and IaC scanning) alongside production cloud security services. - Standardize and operate secure pipelines to empower Trase's software engineers while maintaining required controls and capabilities. Qualifications - 10+ years of experience in security engineering, DevSecOps, cloud security, or platform security roles. - Deep, hands-on experience securing modern CI/CD pipelines. - Strong cloud security expertise, primarily in Google Cloud Platform. - Expert-level Terraform skills with a track record of building secure-by-default IaC modules. - Demonstrated experience with SIEM operations and incident response leadership. - Practical experience in environments governed by SOC 2, HIPAA, and ISO 27001. - Strong programming or scripting skills (Python, Go, or similar). - Excellent partnership skills and a developer-empathetic mindset. - Strong affinity for working with LLMs and AI agents. - US Citizen and eligible for US security clearance. Requirements - Design, implement, and operate the shift-left security toolchain across Trase's CI/CD pipelines. - Define how findings are triaged, routed, and remediated. - Establish and enforce policy-as-code and pre-merge security gates. - Design and deploy Trase's production cloud security architecture. - Implement foundational controls including network segmentation and workload identity. - Build, codify, and maintain secure-by-default infrastructure modules in Terraform. - Operate and fine-tune Trase's SIEM and security telemetry pipeline. - Enhance and lead aspects of Trase's technical security incident response capability. - Operate the end-to-end vulnerability management lifecycle. - Partner closely with Engineering and the broader Security and Compliance team. - Mentor junior Security and Compliance engineers and members of the Engineering team. Benefits - Career track opportunity with potential for rapid advancement. - 100% employer paid, comprehensive health care including medical, dental, and vision for you and your family. - Paid maternity and paternity for 14 weeks at employees' normal pay. - Unlimited PTO, with management approval. - Opportunities for professional development and continued learning. - Optional 401K, FSA, and equity incentives available. - Mental health benefits available through Tara Mind. - Cost effective GLP-1 solutions available through Crux.

Role Description As the Staff DevSecOps Engineer, you will be the technical owner of how security is built into Trase's software development lifecycle and cloud operations. - Integrate automated security testing, continuous vulnerability management, and secure coding practices into existing CI/CD pipelines. - Own the implementation of Trase's dedicated security architecture, delivering shift-left tooling (SAST, DAST, SCA, secrets scanning, and IaC scanning). - Standardize and operate secure pipelines to empower software engineers to focus on high-velocity delivery while maintaining necessary controls. Responsibilities - Shift-Left Security in CI/CD: - Design, implement, and operate the shift-left security toolchain across CI/CD pipelines. - Define how findings are triaged, routed, and remediated; partner with engineering teams. - Establish and enforce policy-as-code and pre-merge security gates calibrated to risk. - Cloud Security Architecture: - Design and deploy production cloud security architecture, focusing on Google Cloud Platform (GCP). - Implement foundational controls including network segmentation, workload identity, secrets management, and encryption. - Operate cloud security posture management (CSPM) and cloud workload protection capabilities. - Infrastructure-as-Code & Platform Security: - Build, codify, and maintain secure-by-default infrastructure modules in Terraform. - Embed security controls directly into platform abstractions. - Drive secure baselines for Kubernetes, container runtimes, and serverless workloads. - Detection, Monitoring & SIEM: - Operate and fine-tune Trase's SIEM and security telemetry pipeline. - Define detection-as-code practices and tune detections. - Build dashboards and reporting for real-time visibility into the environment. - Incident Response: - Enhance and lead aspects of Trase's technical security incident response capability. - Serve as a senior responder during security events. - Vulnerability & Threat Management: - Operate the end-to-end vulnerability management lifecycle across application, container, and cloud surface area. - Facilitate remediation SLAs and report on progress to leadership. - Cross-Functional Partnership: - Partner closely with Engineering and the broader Security and Compliance team. - Embed with Product and Engineering teams to ensure security is integral to Trase's builds. - Mentorship & Engineering Leadership: - Mentor junior Security and Compliance engineers and members of the Engineering team. - Establish and propagate patterns, runbooks, and reusable building blocks. Qualifications - 10+ years of experience in security engineering, DevSecOps, cloud security, or platform security roles. - Deep, hands-on experience securing modern CI/CD pipelines. - Strong cloud security expertise, primarily in Google Cloud Platform. - Expert-level Terraform skills with a track record of building secure-by-default IaC modules. - Demonstrated experience operating a SIEM end-to-end. - Hands-on incident response leadership experience. - Practical experience in environments governed by SOC 2, HIPAA, and ISO 27001. - Strong programming or scripting skills (Python, Go, or similar). - Excellent partnership skills and a developer-empathetic mindset. - Strong affinity for working with LLMs and AI agents. - US Citizen and eligible for US security clearance. Nice to Have - Hands-on experience implementing security architectures for FedRAMP, DoD RMF, HITRUST, or other heavily regulated frameworks. - Active US security clearance (Secret, TS, or TS/SCI). - Deep Kubernetes and container security expertise. - Experience securing AI/ML workloads. - Industry certifications such as Google Professional Cloud Security Engineer, AWS Security Specialty, OSCP, GIAC, or CKS. - Open source contributions to security tooling, detection content, or IaC modules. Salary Range $170,000-245,000. This represents the typical salary range for this position based on experience, skills, and other factors. Benefits - Career track opportunity with potential for rapid advancement. - 100% employer paid, comprehensive health care including medical, dental, and vision for you and your family. - Paid maternity and paternity for 14 weeks at employees' normal pay. - Unlimited PTO, with management approval. - Opportunities for professional development and continued learning. - Optional 401K, FSA, and equity incentives available. - Mental health benefits available through Tara Mind.