Juno Senior DevOps Security Engineer Remote · Full time Company website

Apply for Senior DevOps Security Engineer

Founded by a CPA and tax firm owner, Juno is a fast-growing AI company solving real problems for tax accounting firms. Our mission is to empower every tax professional with technology that truly understands the job because it’s built by someone who’s lived it. Trusted by hundreds of firms and growing quickly, we’re building tools people rely on every day. If you’re excited about using AI to solve real problems and help shape the future of tax, we’d love for you to be part of it.

Key Responsibilities:

• AWS Infrastructure Management:
  • Oversee and maintain our AWS environment, ensuring optimal performance and cost efficiency.
  • Implement and manage infrastructure as code (e.g., Terraform, CloudFormation) to support agile deployments.
• Security & Compliance:
  • Partner with application engineers to perform threat modeling and security design reviews
  • Monitor, detect, and respond to cloud and infrastructure security events
  • Develop automated controls for vulnerability management, configuration drift, and policy enforcement
  • Implement encryption, code signing, and secure configurations across our infrastructure.
  • Integrate security layers, privacy controls, and access management that meet SOC2 compliance requirements.
• Monitoring & Alerting:
  • Design, implement, and manage monitoring and alerting systems (e.g., AWS CloudWatch, Prometheus, Grafana) to proactively identify and address issues.
  • Develop automated incident response procedures and collaborate on a robust escalation process.
• Scaling & Performance Optimization:
  • Architect solutions that ensure our microservices and applications scale efficiently under varying loads.
  • Optimize system performance and resource utilization through continuous monitoring and iterative improvements.
• Collaboration & Process Improvement:
  • Work closely with cross-functional teams to streamline deployment pipelines, ensuring smooth integrations and rapid rollouts.
  • Document processes, best practices, and contribute to continuous improvement initiatives across development and operations.

Required Qualifications:

• Experience:
  • 7+ years of experience in DevOps, infrastructure, or cloud engineering, with a strong security focus
  • Deep hands-on experience securing AWS environments in production
  • Advanced experience with Terraform and infrastructure-as-code security best practices
  • Proven experience embedding DevSecOps controls into CI/CD pipelines, including SAST, DAST, dependency scanning, and secrets detection
  • Solid understanding of:
    • IAM and least-privilege access models
    • Network security, encryption, and secrets management
    • Container and cloud-native security concepts
  • Ability to balance startup speed with financial-grade security
• Technical Skills:
  • Strong background in DevOps principles, continuous integration/continuous deployment (CI/CD) pipelines, and containerization (Docker, Kubernetes).
  • Strong working knowledge of OWASP Top 10 and OWASP ASVS, with the ability to translate application security requirements into cloud and pipeline controls
  • Experience implementing secure software supply chain practices aligned with OWASP dependency and CI/CD security guidance
  • Deep understanding of cloud security architecture, including IAM, network segmentation, encryption in transit and at rest, and key management
  • Hands-on experience designing and enforcing least-privilege access models and secure identity federation
  • Familiarity with vulnerability management, configuration drift detection, and continuous security monitoring in AWS environments
  • Ability to perform threat modeling and security design reviews for cloud-native and microservices-based applications
  • Working knowledge of security controls required in regulated environments (e.g., SOC 2, PCI DSS), with an emphasis on preventative and automated controls
  • Solid scripting skills (e.g., Bash, Python) and experience with automated tooling.
  • Demonstrated understanding of security best practices in cloud environments, including compliance frameworks like SOC2.
• Soft Skills:
  • Excellent problem-solving abilities and a proactive attitude toward troubleshooting and optimization.
  • Effective communication skills with the ability to collaborate across teams and document technical processes clearly.