Jobs · himalayas
Senior DevSecOps Engineer
Cobalt Streamworks · United States · Posted 22d ago
About the role
Secure a cloud-based insurance platform by embedding security into development and operations workflows.
Company Overview Westaim and CC Capital have joined forces to strategically transform Westaim from a holding company into a global alternative credit asset manager with a unique, integrated insurance platform, branded as The Westaim Corporation. This partnership supports a long-term vision to deliver innovative, customized financial solutions across alternative credit and insurance, creating scalable growth and meaningful client impact. Ceres USA Holdings, LLC, part of the insurance platform within The Westaim Corporation strategy, is the parent company of Cobalt Streamworks , a fast-growing, technology-driven annuity carrier startup. Ceres is focused on redefining retirement security by combining modern fintech capabilities, top-tier talent, and strong vendor partnerships to deliver exceptional annuity solutions and digital experiences. Ceres is deeply committed to a client-centered culture. Through its Digital Contact Center and advisor-facing platforms, the company delivers proactive, personalized, and technology-enabled support that empowers clients and advisors while maintaining the highest standards of trust, security, and regulatory compliance. About the Role We are looking for a Senior DevSecOps Engineer to join the Information Security team and work closely with the Office of the CISO to help secure a modern, cloud-based insurance platform supporting annuity products and financial operations. This is a hands-on role for someone who enjoys securing cloud infrastructure, software delivery workflows, code repositories, infrastructure as code, CI/CD pipelines, APIs, and application environments. You will work closely with engineering, infrastructure, data, product, and security stakeholders to embed security into development and cloud operations. This role is ideal for a technically strong engineer with a background in software engineering, cloud security, AWS, infrastructure as code, and secure SDLC practices. The right candidate can learn new platforms quickly, understand how engineering systems fit together, and translate security findings into practical remediation and improved security patterns. This is not a purely advisory or architecture-only role. You will be expected to review, configure, implement, document, troubleshoot, and help remediate security issues in partnership with the CISO, Deputy CISO, engineering teams, platform owners, and security partners. Key Responsibilities Secure Cloud and Engineering Environments Design, implement, and improve security controls across cloud infrastructure, application environments, developer workflows, and engineering platforms Review cloud architecture, infrastructure as code, APIs, integrations, and application design for security risks Help identify, prioritize, and remediate cloud misconfigurations, infrastructure weaknesses, and security findings Support secure configuration of cloud services, identity and access controls, network security controls, and service-level security settings Maintain documentation of cloud and engineering security decisions, control patterns, remediation actions, and operational procedures Strengthen Secure SDLC and DevSecOps Practices Implement and improve security controls across code repositories, CI/CD pipelines, and software delivery workflows Support branch protection, repository permissions, secrets scanning, code scanning, dependency review, and secure development practices Partner with engineering teams to embed security into the development lifecycle without unnecessarily slowing delivery Coordinate remediation of vulnerabilities identified through cloud security platforms, code scanning, penetration testing, application security reviews, infrastructure-as-code review, and audit findings Help define repeatable secure development, deployment, and remediation patterns Support Application, API, and Software Supply Chain Security Review applications, APIs, integrations, and platform designs for security risks and practical remediation options Help improve software supply chain security, dependency management, secrets handling, and secure deployment workflows Provide practical guidance to engineers on secure coding, secure cloud usage, access control, logging, monitoring, and remediation priorities Collaborate with engineering and platform teams to ensure security findings are understood, prioritized, and resolved Strengthen Security Governance and Audit Readiness Help prepare the organization for Internal Audit, external audits, regulatory reviews, and control assessments Support security control implementation and evidence gathering for frameworks and expectations such as SOC 2, ISO 27001, NAIC, and other relevant standards Ensure security work is documented, repeatable, reviewable, and aligned with control requirements Follow change management processes and support appropriate review and approval of security configuration changes Partner with the Office of the CISO to prioritize cloud, application, and SDLC secu
Read the full posting on himalayas →
FAQ
Is the Senior DevSecOps Engineer role at Cobalt Streamworks remote?+
This Senior DevSecOps Engineer position is listed as remote (United States).
What is the salary for the Senior DevSecOps Engineer role at Cobalt Streamworks?+
The listing states Estimated 93k-215k USD.
What seniority level is this Senior DevSecOps Engineer role?+
This is a senior level position.
How do I apply for the Senior DevSecOps Engineer role at Cobalt Streamworks?+
Use the "Apply on himalayas" button to open the original posting on himalayas, where you can submit your application directly to Cobalt Streamworks.