Senior DevSecOps / Platform Security Engineer (AWS + Kubernetes)

Red Cell Partners is an incubation firm building and investing in rapidly scalable technology-led companies that are bringing revolutionary advancements to market in three distinct practice areas: healthcare, cyber, and national security. United by a shared sense of duty and deep belief in the power of innovation, Red Cell is developing powerful tools and solutions to address our Nation’s most pressing problems.

DEFCON AI is a modeling, simulation, and analysis (MS&A) company that provides cutting-edge technology solutions for generating operationally relevant insights for the next generation of logistics and mobility decision making. An AI- driven software incorporating an intelligent agent within a simulation environment — DEFCON is the next driving force in defining how logistics disruptions are handled.

We are a team of mission-focused, world-class AI Engineers, mobility, and logistics experts (and some business folks) who are leveraging big data and cutting-edge technology to develop the next generation of technologies for addressing how our partners can better prepare for contested mobility disruptions. Together, we are building much needed solutions to address our Nation's pressing challenges in the areas of logistics and mobility. 

We’re hiring a senior, hands-on DevSecOps/Platform Security Engineer to build and operate production security controls across our AWS and Kubernetes platform. You’ll design and implement guardrails that make secure delivery the default—covering CI/CD security automation, software supply chain controls, and Kubernetes policy enforcement—while partnering closely with Platform/SRE and Security/GRC.

• →Design, build, and maintain CI/CD security controls that scale across repositories and teams (reusable pipeline components, templates, and standards).
• →Implement Kubernetes security architecture and guardrails (RBAC hardening, workload security baselines, admission policies, network policies, and safe multi-tenant patterns as applicable).
• →Improve container security end-to-end: base-image strategy, vulnerability scanning, registry controls, image signing, and promotion workflows.
• →Operationalize vulnerability management with risk-based prioritization, measurable remediation SLAs, and dashboards/metrics (MTTR, exposure trends, top recurring root causes).
• →Drive developer enablement: clear documentation, lightweight design reviews/threat modeling for high-impact changes, office hours, and high-signal guidance embedded in tooling.

This role supports delivery into regulated environments and works closely with Security/GRC to implement engineering-owned controls and produce audit-ready evidence. You’ll help translate requirements (for example, NIST SP 800-171 and CMMC expectations) into practical, automated guardrails within CI/CD, AWS, and Kubernetes.

• 5+ years of experience in DevOps/SRE/Platform Engineering and/or Security Engineering with a strong automation and delivery focus.
• Hands-on experience securing AWS environments: IAM (least privilege), network controls, encryption (KMS), and centralized logging/detection.
• Strong Kubernetes security experience (EKS or equivalent): RBAC, workload hardening, and policy enforcement via admission control.
• Experience integrating security into CI/CD pipelines and developer workflows (SAST, SCA, secrets scanning, container scanning, IaC scanning).
• Infrastructure as Code proficiency (Terraform, CloudFormation, CDK, or Pulumi) and ability to embed guardrails into IaC workflows.
• Proficiency scripting/coding (e.g., Python, Go, Bash) to build integrations, automations, and internal tooling.
• Able to communicate risk and tradeoffs clearly and pragmatically to engineers; improves signal-to-noise rather than adding friction.

• Experience with Kubernetes policy-as-code tooling (OPA/Gatekeeper, Kyverno) and secure workload identity patterns (OIDC/IRSA).
• Experience with software supply chain security: SBOM generation and management, signing/verification (e.g., cosign), and provenance concepts.
• Experience building ‘golden paths’ or internal developer platforms that improve both delivery velocity and security outcomes.
• Familiarity with regulated delivery expectations (NIST SP 800-171/CMMC) and evidence-driven control implementation.

• Pragmatic, automation-first approach: secure-by-default, low-friction workflows.
• Partners closely with Platform/SRE and Security/GRC; clear ownership and measurable outcomes.
• Focus on durable systems: guardrails, templates, and controls that scale across teams.

• Analytical Aptitude: Possess keen analytical and problem-solving skills, coupled with the capability to understand complex software challenges and collaborate toward viable solutions. 
• Effective Communication: Skilled in distilling technical complexities into comprehensible terms for varied audiences. 
• Adaptive Nature: Resilience and adaptability in the face of an ever-changing tech landscape, with a knack for rapidly integrating new technologies and methodologies. 
• Agile Methodology Experience: An understanding and hands-on experience with agile development methodologies and version control tools. 
• Agility in Tech: Demonstrated adaptability in the fast-paced tech landscape, continually embracing and integrating new technologies and methodologies. 
• Education: While formal education in Computer Science or related fields is a plus, DefconAI values hands-on experience and demonstrable skills above all. Candidates with 6+ years of relevant experience will be considered regardless of their academic pedigree. 
• Continuous Learner: A commitment to perpetually update one's skill set, staying aligned with the latest in technology trends and best practices.