DevSecOps Engineer

About the Team

The Platform & Security team ensures Typeform engineers can build, deploy, and operate services safely and efficiently.

As we scale into AI-powered products, our engineering velocity has increased significantly. New workloads—such as model-serving, agent-based systems, and real-time data pipelines—introduce security challenges that our current team does not yet have the bandwidth or AI-specific expertise to manage.

You’ll join as a DevSecOps Engineer to embed security into the development lifecycle, enable high-velocity feature delivery, and ensure that new AI capabilities are safe, compliant, and resilient. This role is an opportunity to make a tangible impact on the security posture of Typeform as we scale.

Things you will do:

• Embed security into the SDLC: Partner with engineering and AI teams to ensure features are delivered safely at high velocity.
• Develop security automation: Build and maintain CI/CD security tooling and processes (SAST/DAST, secrets management, artifact scanning).
• Assess and mitigate risks: Conduct vulnerability assessments, threat modeling, and code reviews for platform and AI workloads.
• Advise on architecture: Recommend secure patterns for infrastructure, agent systems, and model-serving pipelines.
• Implement monitoring & incident response: Ensure timely detection and automated response to security alerts.
• Define best practices: Create and maintain standards, policies, and reusable security infrastructure components.
• Collaborate effectively: Influence teams to adopt security practices without slowing development, and act as the internal advocate for security.

What you already bring to the table:

• Several years of experience in DevSecOps, security engineering, or cloud security.
• Strong understanding of distributed systems, cloud-native infrastructure, and CI/CD pipelines.
• Knowledge of threat modeling, vulnerability assessment, and incident response.
• Experience with or strong willingness to learn AI/ML security, model-serving pipelines, or agent-based systems.
• Familiarity with IaC, Kubernetes, and cloud platforms (AWS, GCP, Azure).
• Excellent collaboration and communication skills to explain complex security concepts to non-security teams.

Extra awesome:

• Hands-on experience with AI security, model risk, or prompt injection mitigation.
• Experience in high-velocity SaaS or PLG environments.
• Contributions to open-source security tooling or frameworks.
• Implementing automated security testing in CI/CD pipelines for both code and infrastructure.