Senior DevSecOps Engineer

Clearco is the capital partner that thinks like a founder. We provide fast, flexible, and founder-first funding designed to scale with your momentum. With over $3 billion deployed to 10,000+ brands, Clearco is the only platform offering both Cash Advance and Invoice Funding in one place. Our performance-driven model delivers competitive terms, capped weekly repayments, and access to capital in as little as 24 hours. There’s no dilution, no personal guarantees, and no friction. Whether you're securing inventory, funding ads, or launching your next big product, Clearco helps you move faster with confidence.

We are hiring a Senior DevSecOps Engineer to operate at the intersection of Infrastructure, Security, and Reliability. This is a hands-on senior role that strengthens Clearco’s cloud security posture, builds secure-by-default platform guardrails, and improves our ability to detect and respond to security incidents. You will partner closely with Product Engineering, Data Science, and IT to make security a practical part of how we build and run systems.

• →

  Own platform security and reliability improvements across our GCP environment.

• →

  Harden identity and network controls in GCP (IAM patterns, service accounts and workload identity, organization policies, and network segmentation controls).

• →

  Build security into CI/CD by implementing and enforcing scanning and policy controls (SAST, SCA, secret detection, and container/image scanning).

• →

  Drive vulnerability management and supply chain risk reduction across services, dependencies, container images, and build pipelines.

• →

  Lead threat modeling and security design reviews for new features and material architecture changes.

• →

  Improve security observability and detection quality by tuning telemetry, reducing noise, and building high-signal detections and dashboards.

• →

  Lead investigations and coordinate incident response for security alerts and incidents, and drive follow-ups from post-mortems into preventative improvements.

• →

  Champion secure SDLC practices through standards, documentation, guardrails, and coaching for product engineering teams.

• →

  Define and maintain end-user device security standards, including requirements for security agents such as EDR and remote access tooling, and partner with stakeholders for operational execution.

• →

  Support compliance and audit readiness by conducting internal security reviews and helping align practices with frameworks and regulations (SOC 2, GDPR, NIST), including evidence support where needed.

Requirements

• 5+ years of relevant experience spanning cloud infrastructure and security (DevSecOps, platform security, security engineering, SRE with strong security focus).

• Deep hands-on experience with GCP (preferred) or AWS, including strong fundamentals in cloud networking and identity.

• Strong hands-on experience with Kubernetes and service networking.

• Strong Infrastructure-as-Code skills (for example Terraform) and the ability to build reusable, maintainable automation.

• Practical experience integrating security into CI/CD and engineering workflows, including scanners and policy enforcement.

• Experience with incident response: investigation, coordination, post-incident follow-through, and continuous improvement.

• Experience with vulnerability management and software supply chain risk.

• Comfortable partnering cross-functionally and driving work end-to-end in ambiguous areas.

Nice to have

• Experience with Istio.

• Familiarity with application security scanning tools like Semgrep, Veracode, GitHub Advanced Security, or equivalent.

• Familiarity with CrowdStrike (EDR) and Splunk (SIEM).

• Familiarity supporting compliance and audit readiness (SOC 2, GDPR, NIST), including evidence support.