← Back to careers

Apply to pipeline

Senior DevSecOps Engineer

KS-026

Job Description: Senior DevSecOps Engineer About KrateoSky KrateoSky is building the trusted Western champion in AI aerial robotics—a unified perception and actuation platform that will make the skies the world's most trusted and transformative engine of productivity. We are not a drone company. We are the autonomy…

Department: AI Office

Location: United States (US)

Full role description

Jump to application

Job Description: Senior DevSecOps Engineer

About KrateoSky

KrateoSky is building the trusted Western champion in AI aerial robotics—a unified perception and actuation platform that will make the skies the world's most trusted and transformative engine of productivity. We are not a drone company. We are the autonomy infrastructure powering robotic flight and aerial intervention across defense, industry, and public safety. We are executing a rapid roll-up strategy to consolidate best-in-class technologies, creating the first at-scale, AI-native alternative.

Speed and scale define our competitive advantage. We move fast by questioning assumptions, removing complexity, and rapidly demonstrating over analyzing. We scale by building certifiable platforms on reusable architectures. Our AI-native, digitally connected ecosystem amplifies this advantage, automating tedious work so engineers focus on novel problem-solving. We keep our back office small and our organization flat to maintain velocity and operate as one integrated team with real-time visibility into trade-offs, risks, and progress.

You're joining at the beginning when your decisions define how we scale to Western leadership. We're building a dream team of high performers to establish the processes, tools, and culture that enable rapid acquisition integration and platform scalability for missions that matter. No PowerPoint purgatory, no "that's how aerospace does it" sacred cows. First principles, data-driven decisions, hands-on execution.

Position Summary

You will write and maintain the secure Infrastructure-as-Code, CI/CD pipelines, identity/access controls, and automated monitoring systems that protect KrateoSky's cloud and edge platform. Sitting within the SRE team and reporting directly to the Principal Cloud Platform Architect, you will turn security and compliance requirements into robust, automated platform realities. Your administrative home is the cloud platform team; your security backlog and control priorities will be co-shaped with the Director of Security & Compliance.

Senior IC role: This is a high-agency individual contributor role. You will be hands-on from day one. We are looking for an engineer who writes secure, clean code and configures robust platform infrastructure. You don't just find vulnerabilities; you solve them by patching systems, building automated gates, and hardening environments directly in production. You think in systems but can get deep into the details of Kubernetes configurations, IAM policies, and deployment pipelines.

You are AI-native in how you work—AI assistants are your default environment. You generate secure Terraform boilerplate, Kubernetes NetworkPolicies, automated policy-as-code guardrails, and compliance test scripts with LLMs, and you use AI for debugging IaC, tracing vulnerability paths, and auto-remediating cloud alerts. You see AI as the reason a small, elite team can outperform a traditional organization three times its size.

Embody our values and behaviors—deliver precision and quality, challenge how things are done, break problems into fundamentals, automate relentlessly, hold yourself accountable, and deliver together no matter the obstacles. You must exhibit Above the Line behaviors: operating as a Coach, Creator, and Challenger rather than a Victim, Hero, or Villain. You apply automation-first engineering: your default instinct is to write a script or config to eliminate a manual operational task rather than letting it become recurring manual labor. You operate as an egoless collaborator, prioritizing clear documentation discipline and sharing platform knowledge across our development teams. Finally, you maintain a strong PDCA (Plan-Do-Check-Act) orientation, demonstrating a willingness to experiment, learn from failure, and iterate.

Key Responsibilities

  • Secure Infrastructure-as-Code (IaC) & Pipelines: Build and maintain secure-by-default Terraform templates, Helm charts, and CI/CD pipelines across Azure Commercial and Azure Government. Implement automated scanning (SAST, DAST, SCA) directly into the deployment loop.

  • Container & AKS Platform Security: Harden our Kubernetes (AKS) environments, implementing network policies, container security monitoring (Wiz, Prisma Cloud, Snyk, or Aquasec), pod security standards, and zero-trust runtime configurations.

  • Identity, Access, and Secrets Management: Architect and operationalize Entra ID RBAC, privileged access, and secure secrets management (Azure Key Vault, HashiCorp Vault). Maintain the cryptographic and PKI pipelines that secure edge drones and ground control systems.

  • On-Call & Security Incident Response: Collaborate with SRE and IT Operations to share a unified rotational on-call schedule. Develop automated triaging playbooks to instantly isolate resources, rotate compromised credentials, or lock identities under fire.

  • Operating Model & Prioritization: Operate inside the cloud platform/SRE delivery cadence under the Principal Cloud Platform Architect while taking functional direction on security controls, audit-readiness priorities, and compliance backlog from the Director of Security & Compliance. Your job is to resolve security/platform trade-offs in code and infrastructure—not to create a separate security silo.

  • AI-Native Execution: Maximize engineering velocity by building automated self-healing mechanisms, leveraging AI to triage vulnerabilities, and using policy-as-code templates to prevent misconfigurations from reaching production.

    • Automated Vulnerability Patching: Integrate secure LLM loops to ingest Snyk or Wiz alerts, auto-generate pull requests containing validated package upgrades or IaC fixes, and trigger regression testing.

    • Automated Compliance Verification: Write custom webhooks and Python integrations (using n8n or serverless functions) that map Azure configurations dynamically to Vanta, providing continuous compliance evidence.

    • Intelligent Alert Triage: Feed infrastructure logs and SIEM security alerts through an AI-triage agent to automatically classify and resolve false positives, ensuring engineers only get paged for real threats.

  • System Building & Documentation: Document all secure deployment architectures and compliance patterns, making it seamless to integrate new software assets from future acquisitions.

  • M&A Technical Support: Help assess acquired companies' DevOps pipelines, identifying credential leaks, active cloud vulnerabilities, and infrastructure architecture debt.

  • Cross-Functional Collaboration: Partner with the Principal Cloud Platform Architect (direct manager), the Director of Security & Compliance (functional security lead), and the Dev/ML teams to enable fast and secure software delivery. Work inside a dual-prioritization model: platform reliability and developer velocity are driven through the cloud platform roadmap, while security control priorities and audit-readiness requirements are co-prioritized with the Director of Security & Compliance.

Required Qualifications

  • 5+ years of experience in DevSecOps, SRE, or Cloud Security Engineering with a focus on modern cloud platforms.

  • Proven Track Record: You have shipped and maintained secure cloud platforms in production, responded to real vulnerabilities or incidents, and integrated automated security tooling directly into developer workflows (not just administered scanners or run checklist compliance programs).

  • Technical & Tooling Depth: Fluent in Kubernetes/AKS security, Infrastructure-as-Code (Terraform/OpenTofu), CI/CD security, cloud IAM/secrets management, and modern DevSecOps tooling suites (e.g., Snyk, Wiz, Prisma Cloud, Aquasec, or comparable platforms).

  • Systems & Troubleshooting Depth: Strong Linux, networking, container, and log-based debugging skills. You can trace a security issue across the build system, identity plane, cluster runtime, and cloud infrastructure and drive it to remediation.

  • Pipeline Integration: Direct experience integrating automated vulnerability scanners (e.g., Snyk, Wiz, Trivy) natively into CI/CD pipelines.

  • AI-Native Proficiency: Cursor, GitHub Copilot, and automated coding assistants are your default IDE tools; you are highly productive at generating IaC, Python scripting, and shell automation using AI.

  • Clearance Eligibility: Due to the nature of this role and the work performed, candidates must be eligible to obtain and maintain a U.S. Department of Defense (DoD / Department of War) Secret security clearance.

Desired Qualifications

  • Experience implementing security controls in environments aligned with CMMC Level 2 (NIST 800-171), FedRAMP, or other regulated environments.

  • Background in securing telemetry, IoT, drone GCS, edge robotics, or other sensor-heavy connected systems.

  • Experience working in Azure Government, dual-use "Red/Green" environments, or other partitioned government/commercial cloud architectures.

  • Familiarity with PKI, device identity, certificate rotation, or secrets distribution for edge hardware or fleets.

Logistics

  • Location: Remote (US) / Denver, CO / Denton, TX

  • Reports To: Principal Cloud Platform Architect

  • Travel: 10% or less (minimal travel required)

  • Compensation: $111,000 - $170,000 / year (Targeted base; total package includes comprehensive benefits)

Application

Step 1 of 9Your details
x

Your details

Tell us how to reach you

Portfolio or personal site — optional, so our team can learn more about you.