DevSecOps Lead — Pipelines, Supply Chain, and SRE
SEED
Own build security—SBOM, provenance, signing, and vendor risk—so releases do not keep security as a last gate.
Industry
Education & Research
Employment Type
Contract
General
Description
Role at a glance
Left-shift security without paralyzing developers.
Oxide Cloud (demo) ships a multi-tenant control plane. You will wire secure defaults into pipelines, catch vulnerable dependencies before prod, and teach teams why your guardrails help them go faster, not slower.
What you will do
- Build golden templates for build and deploy, with org-wide policies and escape hatches for real exceptions (documented, time-boxed)
- Partner with IT and SRE on secrets, workload identity, and break-glass—fewer long-lived keys in Confluence
- Run table-top exercises: poisoned package, hijacked build, malicious insider—then harden the controls that failed first
What we need
- 4+ years in appsec, platform security, or SRE with strong pipeline ownership
- You know supply-chain basics: Sigstore, SBOM formats, and where scanners lie
How we will interview you
The interview has three parts: defending a current pipeline in an adversarial review, making a live hardening change with our platform team, and a behavioral interview on influencing squads that “just need to ship.”
Note: this posting is demo data for the portal. Compensation band tests filters only. Apply via example.com addresses in this record.
Summary
Own build security—SBOM, provenance, signing, and vendor risk—so releases do not keep security as a last gate.
Classification
Industry
Education & Research
Employment Type
Contract
Work Mode
Remote
Requirements
Experience Level
Senior
Required Skills
Compensation
Min. salary (per year)
101,000
Max. salary (per year)
148,000
Application
Application URL
example.com/apply/seed-job-08
Application Email
hiring-seed08@example.com
Application Deadline
2026-08-15
Location
Zurich, Switzerland
Demo seed
job-portal-seed-v1
May 1, 2026 — sample only, not a real person