Principal DevSecOps Engineer

Make Your Mark as a Principal Dev Sec Ops  Engineer at Storio group
About the role

You will work closely with other departments, such as SRE, following a security-first methodology known as Sec Dev Ops . Your goal is to move beyond traditional "gatekeeping" to build a frictionless, automated security environment. Your primary mission is to engineer the guardrails that allow development teams to innovate at speed while ensuring the platform remains secure by design through a "shift-left" approach.

You will not just identify risks; you will architect the automation that detects and mitigates them, ensuring digital defenses remain agile and responsive to evolving threats.

• CI/CD Pipeline Security:
  Lead the implementation and maintenance of automated security controls (SAST, SCA, IaC scanning) within the build pipeline to identify vulnerabilities early in the software development lifecycle.
• Vulnerability Management Operations:
  Oversee the daily operational triage of security findings. You will focus on reducing noise by tuning scanners, filtering false positives, and routing valid issues to the appropriate engineering backlogs.
• Platform Hardening & Defense:
  Execute targeted remediation campaigns to address infrastructure risks (e.g., cloud storage configurations, IAM privileges, container security) and maintain perimeter defenses (AWS WAF, Shield).
• Engineering Enablement:
  Act as the primary technical consultant for development teams. You will troubleshoot security-related build failures and provide "secure-by-default" infrastructure templates to streamline secure development.
• Security Automation:
  Develop custom scripts and automation workflows to detect vulnerable components across repositories and integrate disparate security tools into a cohesive ecosystem.
• Remediation Verification:
  Close the loop on security risks by validating that deployed fixes effectively resolve identified vulnerabilities.

• You reduce noise for our engineers by tuning scanners and filtering out false positives
• You act as the go-to technical consultant for teams looking to build more secure products
• You drive remediation campaigns that strengthen our perimeter defenses like AWS WAF and Shield
• You ensure our digital defenses stay agile and ready for any evolving threats
• You take ownership of the vulnerability lifecycle from initial discovery to the final fix
• You help foster a culture where every engineer feels empowered to prioritize security

• Professional Background: A strong foundation in Dev Ops or Platform Engineering with a demonstrated specialization in security.
• AWS Security Portfolio:
  In-depth, hands-on experience with the AWS Security ecosystem is a must. You should be proficient in deploying, tuning, and operationalizing services such as Guard Duty, Security Hub, Inspector, AWS WAF, Shield, and IAM Access Analyzer.
• Scripting & Automation:
  Proficiency in scripting languages is essential for building custom tooling and gluing systems together. You must be capable of writing robust code in languages such as Python and Bash.
• Technical Proficiency:
  Extensive experience with CI/CD workflows and Infrastructure as Code (IaC) tools such as Terraform.
• Automation Mindset: A proactive approach to problem-solving where you prioritize scripting and automation over manual verification.
• Operational Excellence:
  Proven experience in triaging security findings, managing vulnerability life cycles, and driving remediation efforts.
• Collaborative Communication:
  The ability to articulate complex technical security issues to developers and act as a supportive partner in resolving them.

• Familiarity with container orchestration security (Kubernetes/EKS).
• Familiarity with using (agentic) AI to enhance good security practices.
• Experience managing bug bounty programs and triaging external vulnerability reports.
• Experience contributing to security awareness training programs for developers

At Storio Group, we help people hold onto life's moments. We make personalised photo products that turn fleeting memories into things you can keep, share, and re-live.

Every person at Storio Group helps create our products and shape our company. You will see the impact of your work daily. We invite you to make your mark on our business, products, and customers' lives.

We act with heart by putting people first and valuing diverse perspectives. We give our best and aim for high standards in all we do. We own our work, taking initiative to find solutions. We embrace curiosity, always learning and trying new things. We find the joy in our work and create a positive environment.

Storio Group is an equal opportunity employer, celebrating diversity and fostering an inclusive environment. If you require reasonable adjustments during interviews please contact our HR team.

Applicants must also have the legal right to work in the position's country without requiring…