Senior Specialist, DevSecOps

Here at Scout Motors, we're carrying forward the heritage of one of the most iconic American vehicles in history. A vehicle dating back to 1960. One that forged the path for future generations of rugged SUVs and will do so once again. But Scout is more than just a brand, it’s a legacy steeped in a culture of exploration, caretaking, and hard work. The Scout brand is all about respect. Respect for the environment by developing electric vehicles with the capability to get you to any location. Respect for the past and the future by taking an iconic American brand that hasn’t been around for a while, electrifying it, digitizing it, and loading it with American innovation. Respect for communities by creating a company that stands for its people and its customers. And respect for both work and play, with vehicles that are equally at home at a camp site, a job site, or on a Tuesday commute. At Scout Motors, we empower our talented, inclusive, and entrepreneurial teams to innovate. What makes a Scout employee? Someone who is a visionary and a leader, who seeks new paths and shares lessons learned. A knowledgeable doer who collaborates across the company to build better. A go-getter with unrivaled passion. Join us at Scout Motors and be part of shaping the future of transportation. If you're ready to drive change and make history, apply now! What you’ll do Become part of an iconic brand that is set to revolutionize the electric pick-up truck & rugged SUV marketplace. The essence of this role is to: Be a hands-on security specialist in the Dev-Ops build culture of Scout’s cloud-first Platform Engineering Team. Lead the implementation and integration of security controls in the software development lifecycle. Collaborate with system administrators and network engineers to ensure proper configuration and maintenance of security controls. Help develop and implement an organization-wide information security strategy and roadmap for software and cloud security. Provide security guidance to Information Technology (IT) Teams to design and develop secure information systems, networks, and applications, ensuring alignment with business goals and regulatory requirements. Define security requirements and recommend appropriate security technologies and solutions. Possess a deep understanding cloud-native security concepts and the integration of security controls into IaaS – specifically AWS and Azure. Implement and configure security controls such as firewalls, intrusion detection systems, encryption mechanisms, access controls, and authentication systems, using Infrastructure as Code, and DevOps practices. Conduct regression testing to ensure completeness and efficacy of security controls and configurations. Conduct security assessments to identify potential vulnerabilities and develop mitigation strategies. Implement, operate, and automate security controls, and procedures. Aid security awareness programs and training sessions for IT and engineering employees to promote a security-conscious culture. Participate in incident response efforts during security incidents, support forensic investigations, and implement corrective actions. Stay up to date with the latest information security trends, threats, and technologies, and provide recommendations for improvement. Collaborate with internal and external auditors to ensure compliance with relevant regulations and standards. Participate in audits, assess security controls, and provide necessary documentation and evidence. Location & Travel Expectations: This role is based in Fremont, CA. Most of the responsibilities of this role can be completed virtually; however, it will require occasional attendance at in-person meetings and events. We will consider well qualified remote applicants for this role. This role is not eligible for remote work in New York City. Applicants should expect that the role may require the ability to convene with Scout colleagues in person and be able to travel to participate in events on behalf of the company from time to time. What you’ll bring We expect all Scout employees to have integrity, curiosity, resourcefulness, and strive to exhibit a positive attitude, as well as a growth mindset. You’ll be comfortable with change and flexible in a fast-paced, high-growth environment. You’ll take a collaborative approach to achieve ambitious goals. Here's what else you'll bring: Bachelor's or Master's degree in Computer Science, Information Security, or a related field. 8+ years of experience in information security, with a focus on secure development, application security, DevSecOps, and/or cloud security. In-depth knowledge of information security principles, best practices, and frameworks (e.g., ISO 27001, NIST). Relevant security certifications such as K8S: (CKS, KCSA) AWS Certified Security Specialty Strong understanding of network and system architecture, including cloud environments. Deep experience engineering security controls in cloud IaaS environments Extension knowledge of Infrastructure as Code (IaC) practices such as Terraform, Pulumi, Ansible, CDK, etc Experience with EKS/K8S, Helm, Kustomize and other container orchestration techniques and practices. Familiarity with could-native security controls and configuration. Experience in designing and implementing security solutions across multiple platforms and technologies. Familiarity with regulatory requirements such as GDPR, HIPAA, PCI DSS, etc. Professional certifications such as CISSP, CISM, or GIAC are highly desirable. Excellent analytical and problem-solving skills. Strong communication and collaboration abilities. Ability to work effectively in a fast-paced and dynamic environment.