DevSecOps Engineer
Listed on 2026-01-14
IT/Tech
Cybersecurity, Systems Engineer, Cloud Computing
We are a rapidly growing, US-based space startup revolutionizing satellite imaging using advanced in-orbit capabilities. Specifically, our expertise lies in leveraging in-space assets for Space Domain Awareness (SDA) and Non-Earth Imaging (NEI). As an international company, we navigate a unique landscape while delivering critical services to our clients. Having recently secured several significant contracts, we are expanding our team to meet the exciting demands of our growth.
To support this next phase, we’re building a high-performing, interdisciplinary team capable of pushing the boundaries of space technology. We’re looking for talented, passionate people who value collaboration, growth, and learning to join us.
HEO is a post-Series A company backed by high-profile venture funds including Airtree, Y Combinator, and In-Q-Tel. We are headquartered in Sydney, Australia, with offices in London, UK, and Washington, D.C., USA.
Role Overview
As HEO USA’s first dedicated Security & DevOps Engineer, you will be the technical architect and lead for our domestic cloud infrastructure. You will lead the critical mission of migrating, securing, and managing sensitive HEO data to our US-based AWS environment.
This role requires a hands-on expert who can build automated CI/CD pipelines while simultaneously architecting a CMMC (Cybersecurity Maturity Model Certification) compliant program from the ground up to support our US government and defense-related contracts.
Key Responsibilities
- Data Migration: Design and execute the secure transfer of data and services from international AWS regions to US-based regions (e.g., US-East-1 or AWS GovCloud).
- Infrastructure as Code (IaC): Build and maintain the US cloud footprint using Terraform or CloudFormation to ensure repeatable, documented environments.
- Architecture: Optimize the AWS stack for performance, cost, and high availability, ensuring it meets the specific operational needs of the US subsidiary.
- CI/CD Pipeline Security: Integrate automated security scanning (SAST/DAST) and dependency checking into the deployment pipeline.
- Container Security: Manage and secure containerized workloads (Docker/K8s), ensuring image scanning and runtime protection.
- Monitoring & Logging: Implement comprehensive observability using tools like AWS CloudWatch, CloudTrail, or ELK Stack to ensure real-time threat detection.
- CMMC Program Development: Architect and implement the technical and administrative controls required for CMMC Level 2 (or higher) compliance.
- Identity & Access Management (IAM): Enforce the Principle of Least Privilege (PoLP) and Zero Trust architecture across all US systems.
- Vulnerability Management: Lead regular patching cycles, vulnerability scans, and coordination of third-party penetration testing.
- Documentation: Maintain the System Security Plan (SSP) and Plan of Action and Milestones (POA&M) required for federal audits.
- Experience: 4+ years in DevOps, Site Reliability, or Security Engineering roles with a heavy focus on AWS supporting federal and public sector programs (preferably DoD and Intelligence Community).
- AWS Mastery: Deep technical proficiency with VPC, IAM, S3, EC2, RDS, and AWS Security Hub. Experience with AWS GovCloud is a significant plus.
- Compliance Expertise: Proven track record of building and maintaining environments compliant with CMMC (Level 2+), NIST 800-171, or FedRAMP.
- Automation Tools: Expertise in Infrastructure as Code (Terraform, Ansible, or CloudFormation) and CI/CD tools (GitHub Actions, GitLab CI, or Jenkins).
- Security Tooling: Hands-on experience with SIEM, EDR, and vulnerability scanners (e.g., Nessus, Qualys, or Snyk).
- AWS Certified Solutions Architect – Associate or Professional
- AWS Certified Security – Specialty
- CISSP (Certified Information Systems Security Professional)
- CMMC Certified Professional (CCP)
- Competitive Base Salary: We offer a strong base salary commensurate with your experience and the significant impact you'll have on our growth.
- Employee Stock Option Plan (ESOP): As an early-stage…