Remote

Senior DevSecOps Engineer

Remote Posted Jul 16, 2026 0 views

Compensation

Compensation not disclosed

This employer didn't list pay. Model a likely range with the calculator.

Model this offer in the calculator

Posting language

Tone
Neutral
Subjectivity
0.00

Job description

BankrateJobs
Senior DevSecOps Engineer

Senior DevSecOps Engineer

Posted 2 Days Ago
Easy Apply
Hiring Remotely in United States
Remote
130K-225K Annually
Senior level
Artificial Intelligence • Consumer Web • Digital Media • Fintech • Marketing Tech • Software • Financial Services
Connecting people to trusted ways to save borrow and thrive
The Role
Lead and build the DevSecOps function: implement SOC 2 controls automate compliance and evidence pipelines own cloud security posture CI/CD security gates vulnerability management and AI-assisted auto-remediation to embed security as code across the developer lifecycle.
Summary Generated by Built In

*This role is open to remote or hybrid candidates (East Coast preference) with hybrid being central to our New York NY or Charlotte area offices. Must be able to work Eastern Standard Time hours.

Platform Engineering builds the foundations our product teams ship on — deployment infrastructure and security. We're hiring a DevSecOps Engineer to be the technical owner of our security posture and a force multiplier for every engineer at the company. This is a build-the-function role not a ticket-taking role. You'll treat security as code bake it into the development lifecycle and automate the toil away so teams can ship fast and safely. You'll have unusually broad ownership and unusually high impact.

What You’ll Do:

  • Own the engineering side of our compliance program (SOC 2 Type 2): implementing controls collecting evidence and keeping us audit-ready.
  • Operate our compliance automation platform — integrations evidence pipelines and mapping controls to real implementation.
  • Productize compliance: policy-as-code automated evidence generation and guardrails so passing audits doesn't slow product delivery.
  • Own cloud security posture management and runtime security tooling: posture monitoring container and IaC scanning and runtime coverage across our environment.
  • Triage and remediate findings against demanding SLAs and design the automation and alerting that keeps pace with volume manual effort can't.
  • Build auto-remediation workflows — including AI-assisted pipelines — that detect file and (where safe) fix findings with minimal human intervention.
  • Build and maintain CI/CD security gates: SAST/SCA secret scanning SBOM generation dependency management and container/IaC scanning — implemented as reusable pipeline components and enforced through automated policy.
  • Encode security and compliance controls into infrastructure-as-code and policy-as-code so the easy path is the secure path.
  • Help close the prototype-to-production gap: turn fast-moving prototypes into production-grade secure-by-default systems with automated guardrails.
  • Make secure-by-default the norm through our internal tooling so the right controls are applied automatically rather than relying on engineers to remember.
  • Build the automation the team runs on — reusable modules pipeline components and AI/agentic tooling that turn manual security work into self-service capability.
  • Partner with corporate security and GRC functions while building and maturing our in-house security capability so the team can make sound security decisions quickly and independently

What We’re Looking For:

  • 5+ years in security engineering DevSecOps or platform/infrastructure engineering with a strong security focus (Staff level: 8+ years and a track record of building security functions or programs).
  • Deep hands-on cloud security experience (compute networking IAM key management logging) on a major cloud provider.
  • Strong infrastructure-as-code skills especially Terraform including policy-as-code.
  • Proven CI/CD security experience: building pipeline security controls (SAST/SCA secret scanning dependency and container scanning) into developer workflows.
  • Hands-on vulnerability management at scale: triage prioritization SLA-driven remediation and the automation to make it sustainable.
  • Working knowledge of SOC 2 (or comparable frameworks) and what it takes to implement and evidence controls in a real engineering environment.
  • Fluency with the categories of modern cloud security tooling — CSPM ASPM/SAST and secret scanning compliance automation and SIEM (e.g. tools such as Wiz Prisma Cloud Snyk Drata Vanta or equivalents).
  • Strong coding/scripting ability to build automation not just configure tools — you write the pipelines modules and tooling that scale security across many services.
  • Experience standing up or maturing an in-house security function.
  • Multi-cloud exposure and experience securing an internal developer platform.
  • Security monitoring and detection/alerting design.
  • Experience applying AI/LLM tooling to security operations — auto-remediation evidence generation agentic workflows.

Compensation:

This range reflects total cash compensation which may include base salary only or base salary plus target bonus depending on the role. Where eligible equity may also be offered separately and not included below. Actual compensation varies based on location experience and qualifications.

  • Total Cash Compensation Range: $130000 – $225000 per year

Additionally the following benefits are provided by Red Ventures subject to eligibility requirements.

  • Health Insurance Coverage (medical dental and vision)
  • Life Insurance
  • Short and Long-Term Disability Insurance
  • Flexible Spending Accounts
  • Holiday Pay
  • 401(k) with match
  • Employee Assistance Program
  • Paid Parental Bonding Benefit Program
  • Flexible Paid Time Off (PTO): We believe time to rest and recharge is essential.  That’s why we offer a generous and flexible PTO policy.  Full-time employees accrue 20 days of PTO for a full calendar year annually with an increase to 25 days after five years of service.

Who We Are:

Bankrate is where Americans go to get the best price on life's most important financial decisions. By combining proprietary data advanced technology and deep market coverage Bankrate helps consumers compare options and make confident financial choices across mortgages credit cards savings and more. As a rate provider to the Federal Reserve and the benchmark relied upon by major publishers and policymakers nationwide Bankrate's rate data is the national standard. This commitment to precision is reflected across all its products. In mortgages proprietary auction technology puts lenders in real-time competition on price alone consistently delivering rates in the lowest 10% in the country. For deposits the platform features exclusively top-tier rates in the top 10% nationally while its credit card coverage encompasses more than 90% of the market by volume. Founded by a journalist Bankrate remains dedicated to its founding mission of transparency honest information and real competition — helping to make the American dream more affordable for everyone.

Red Ventures is an equal opportunity employer that does not discriminate against any employee or applicant because of race creed color religion gender sexual orientation gender identity/expression national origin disability age genetic information veteran status marital status pregnancy or any other basis protected by law. Employment at Red Ventures is based solely on a person's merit and qualifications. 

We are committed to providing equal employment opportunities to qualified individuals with disabilities. This includes providing reasonable accommodation where appropriate. Should you require a reasonable accommodation to apply or participate in the job application or interview process please contact [email protected]

If you are based in California we encourage you to read this important information for California residents linked here.

At Red Ventures we believe in real human connection. That’s why we do not hire someone through text social media or email only. As part of the hiring process you should expect live conversations with RV teammates before any offer is made. Also keep an eye on the sender: we only use official @redventures.com email addresses at the portfolio level or business specific email addresses (e.g. @thepointsguy.com) not ones like “redventurescareer.com.” We will never ask candidates to send money buy equipment or share financial account info during your journey with us. You can always find our open roles on redventures.com— if you receive a message that seems suspicious please use redventures.com to verify the opportunity.

For more the U.S. Federal Trade Commission has published helpful articles to help individuals learn more about protecting themselves from recruiter scams. If you think you’ve been targeted feel free to report it to your local authorities. Stay safe out there!

Skills Required

  • 5+ years in security engineering DevSecOps or platform/infrastructure engineering with security focus
  • Deep hands-on cloud security experience (compute networking IAM key management logging)
  • Strong infrastructure-as-code skills especially Terraform and policy-as-code
  • Proven CI/CD security experience (SAST SCA secret scanning SBOM generation dependency and container/IaC scanning)
  • Hands-on vulnerability management at scale: triage prioritization SLA-driven remediation and automation
  • Working knowledge of SOC 2 (or comparable frameworks) and implementing/evidencing controls
  • Fluency with cloud security tooling categories (CSPM ASPM/SAST secret scanning compliance automation SIEM) and tooling examples
  • Strong coding/scripting ability to build automation pipelines modules and tooling
  • Experience standing up or maturing an in-house security function
  • Multi-cloud exposure and experience securing an internal developer platform
  • Security monitoring and detection/alerting design experience
  • Experience applying AI/LLM tooling to security operations (auto-remediation evidence generation agentic workflows)

Bankrate Compensation & Benefits Highlights

  • Healthcare StrengthComprehensive medical dental and vision coverage is paired with dedicated mental‑health support via Lyra Health plus life and disability insurance. HSAs/FSAs and paid sick days reinforce a broad health and wellness safety net.
  • Parental & Family SupportParental leave is complemented by adoption assistance and benefits for IUI IVF and surrogacy. The explicit family‑building support is positioned as a differentiator among similar employers.
  • Leave & Time Off BreadthGenerous PTO paid holidays bereavement leave and paid sick days are emphasized alongside paid volunteer time. Flexible scheduling and hybrid‑friendly options support time away from work.

Bankrate Insights

Am I A Good Fit?
beta
Expert contributor network
Get Personalized Job Insights.
Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.

The Company
160 Employees
Year Founded: 1982

What We Do

Bankrate is redefining the future of financial decision-making. For nearly five decades we’ve empowered tens of millions of consumers to make smarter financial choices and helped hundreds of leading financial institutions grow. Today we’re evolving from a marketplace into a next-generation technology platform—underpinned by proprietary data AI-driven innovation and deep enterprise integrations. With our track record of delivering consumers quantifiably better offers—for example on home loans where we lead the market—Bankrate stands at the center of the $60B U.S. financial services acquisition opportunity. As we expand through omnichannel marketing and strategic partnerships and launch unique consumer product applications we’re building a more efficient personalized and connected financial ecosystem—one grounded in trust.

Why Work With Us

Our mission is to help people save borrow and thrive—and we invest in our people the same way. You'll get hands-on AI build days lunch & learns dedicated learning time and leadership development programs plus paid community volunteer days to give back. Real growth real impact real support.

Bankrate Offices

Remote Workspace

Employees work remotely.

Every role at Bankrate is open to remote candidates. If you live near one of our hubs in Charlotte or New York we ask that you work from the office three days a week — Tuesday through Thursday — so teams can connect in person.

Typical time on-site:
United States
CLT Office
NYC Office
Learn more

Similar Jobs

Bankrate

Creative Director

Artificial Intelligence • Consumer Web • Digital Media • Fintech • Marketing Tech • Software • Financial Services
Easy Apply
Remote
United States
160 Employees
175K-225K Annually

Bankrate

Senior Software Engineer

Artificial Intelligence • Consumer Web • Digital Media • Fintech • Marketing Tech • Software • Financial Services
Easy Apply
Remote
United States
160 Employees
100K-195K Annually

Bankrate

Software Engineer

Artificial Intelligence • Consumer Web • Digital Media • Fintech • Marketing Tech • Software • Financial Services
Easy Apply
Remote
United States
160 Employees
80K-140K Annually

Bankrate

Engineering Manager

Artificial Intelligence • Consumer Web • Digital Media • Fintech • Marketing Tech • Software • Financial Services
Easy Apply
Remote
United States
160 Employees
160K-210K Annually

Related roles

Similar jobs