Site Reliability Engineer II at LexisNexis Risk Solutions building Terraform modules and CI/CD pipelines. Responsible for developing cloud infrastructure and ensuring reliability, security, and observability.
About the role
- Security Lead managing security strategy and operations for PetroApp's technology platform. Overseeing cloud infrastructure and DevSecOps practices to ensure security and reliability.
Responsibilities
- Own the overall security roadmap and strategy for PetroApp, aligning it with business and product priorities.
- Act as the primary security point of contact for engineering and leadership.
- Define, document, and maintain security policies, standards, and guidelines for engineering teams.
- Lead risk assessments, threat modeling, and security design reviews for major initiatives.
- Define and track key security KPIs and report status, risks, and progress to leadership.
- Embed security into the SDLC by integrating SAST, DAST, dependency and container scanning, and IaC scanning into CI/CD pipelines.
- Establish secure coding practices and patterns; provide guidance and reviews for high-risk changes.
- Set up and maintain secrets management and secrets detection across repos and environments.
- Drive vulnerability management: triage findings, prioritize remediation, track SLAs, and verify fixes.
- Partner with engineers to ensure security controls are automated and developer-friendly.
- Own and continuously improve the cloud and platform security posture (IAM, networking, encryption, key management, hardening).
- Design and enforce least privilege access models and secure-by-default infrastructure baselines.
- Ensure security is built into core platform components such as Kubernetes, service-to-service communication, and data stores.
- Collaborate with SRE/DevOps on secure, resilient architectures, covering scalability, failover, and disaster recovery.
- Collaborate with SRE/DevOps to maintain high availability and reliability of production systems.
- Contribute to observability and monitoring with a security lens: actionable alerts, meaningful logging, and traceability.
- Participate in incident response for security-related events, including root cause analysis and long-term fixes.
- Help improve on-call and incident processes where security and reliability intersect.
- Own relationships with external security vendors, including penetration testing and security assessments.
- Scope, coordinate, and manage penetration tests; track findings through to remediation and retesting.
- Coordinate security-related input for audits, certifications, and customer security questionnaires as needed.
- Run security awareness and training initiatives tailored to engineers and operational teams.
Requirements
- 5+ years of experience across DevOps/SRE/Platform Engineering and application/infrastructure security, with at least 2–3 years as a primary security owner or lead.
- Proven experience leading or owning security in a cloud-native, product-focused company.
- Strong DevOps/SRE background: operating production workloads, on-call experience, CI/CD ownership, automation, and infrastructure-as-code.
- Deep understanding of cloud security fundamentals (AWS/GCP): IAM, networking, encryption, logging, monitoring.
- Hands-on experience integrating security tooling into CI/CD pipelines (SAST, DAST, dependency scanning, container/IaC scanning).
- Solid Linux and networking fundamentals; comfortable debugging complex production and security issues.
- Experience with containers and orchestration (Docker/Kubernetes) and securing them in production.
- Practical knowledge of OWASP Top 10, common attack vectors, and secure coding principles.
- Experience managing penetration tests and/or security assessments, including scoping, coordination, and remediation follow-up.
- Excellent communication and stakeholder management skills—able to influence and drive change without blocking delivery.
- Nice to Have
- Experience building or operating within security frameworks/compliance programs (e.g., ISO 27001, SOC 2, PCI) relevant to PetroApp’s domain.
- Exposure to WAF, API security, service mesh security, and zero trust patterns.
- Experience with SIEM/SOAR, security analytics, and detection engineering concepts.
- Hands-on involvement in bug bounty programs or coordinated vulnerability disclosure processes.
- Coding ability in at least one backend language (e.g., Python, Go, Node.js, Java) to build security tooling and automation.
- Experience mentoring or managing engineers with a focus on security and platform engineering.
Benefits
- You will own and shape the security function in a high-impact, hands-on lead role.
- You’ll work at the intersection of security, reliability, and platform engineering, directly influencing how PetroApp scales.
- Opportunity to work with a modern tech stack and a team that values pragmatism, automation, and continuous improvement.
- A culture that cares about doing the right thing for customers and partners, with leadership support for investing in security and reliability.
Job title
Job type
Experience level
Salary
Not specified
Degree requirement
No Education Requirement
Tech skills
Location requirements
DevOps Engineer supporting cloud modernization for the Department of the Air Force on the Cloud One contract. Involved in systems analysis, security practices, and collaboration with engineering teams.
Journeyman Cloud Operations Engineer maintaining cloud infrastructure across DoD organizations. Supporting DevSecOps and ensuring compliance with security requirements in a high - visibility program.
DevOps Engineer managing cloud - native platforms for Capgemini. Collaborating with development, data/ML, and security teams to deliver scalable solutions on Azure.
Head of IT & DevSecOps at JamLoop, managing internal technology and security improvements. Leading strategy and implementation of cloud infrastructure for efficiency and reliability.
I&E Maintenance and Reliability Engineer at LyondellBasell focused on asset maintenance strategies in a multidisciplinary environment. Collaborating for operational excellence and safety performance at the Pasadena facility.
Manager, DevOps & Cloud Infrastructure overseeing security and operational efficiency in a hybrid environment at Thomson Reuters. Leading teams to deliver secure solutions in on - premises and cloud setups.
DevOps Engineer responsible for building and maintaining the infrastructure of IONOS' AI platform. Collaborating on CI/CD pipelines and ensuring system optimization across various locations.
DevOps Engineer building and supporting cloud infrastructure at PointClickCare. Collaborate with senior engineers and software teams to enhance AI - enabled workloads and improve system reliability.
DevOps specialist working with Kubernetes and Terraform, ensuring project stability and efficiency for Convercus. Join a small, dynamic team in a hybrid work environment.