We are seeking a Senior Infrastructure Security & Compliance Engineer to lead the integration of security scanning, policy enforcement, compliance validation, and backup automation into a fully GitOps-managed GPU cloud stack. This role focuses on delivering ZeroTouch Build, Upgrade, and Certification pipelines across hardware, OS, and Kubernetes platform layers in an on-premises GPU cloud environment.

Key Responsibilities

Design and implement GitOps-native workflows to automate security compliance and backup validation across the GPU cloud lifecycle.
Integrate Trivy into CI/CD pipelines for container and system image vulnerability scanning.
Automate kubebench execution and remediation workflows to enforce Kubernetes security benchmarks (CIS/STIG).
Define and enforce policy-as-code using OPA/Gatekeeper to validate cluster and workload configurations.
Deploy and manage Velero for Kubernetes-native backup and disaster recovery automation.
Maintain declarative, auditable Git-backed repositories for all compliance and backup logic.
Collaborate with infrastructure, platform, and security teams to:
- Define security baselines
- Enforce drift detection
- Integrate automated guardrails into pipelines
Drive remediation automation and post-validation gates across build, upgrade, and certification processes.
Monitor evolving security threats and ensure tooling is updated to detect vulnerabilities, misconfigurations, and compliance drift.

Required Skills & Experience

10+ years of hands-on experience in infrastructure/platform automation and systems security.
Core expertise in: Python, Go, Bash scripting, OPA Rego policy writing, CI integration for Trivy, kubebench, and GitOps workflows.
Strong knowledge and practical experience with:
- Trivy – Container, filesystem, and configuration scanning
- kubebench – Kubernetes CIS benchmark compliance
- Velero – Kubernetes-native backup & disaster recovery
- OPA/Gatekeeper – Policy-as-code and admission control
Deep understanding of GitOps workflows (e.g., Argo CD, Flux) and declarative security tool integration.
Proven track record of automating security compliance and backup validation in CI/CD pipelines.
Solid foundation in Kubernetes internals, RBAC, pod security, and multi-tenant best practices.
Familiarity with vulnerability management lifecycles and security risk remediation strategies.
Experience with Linux systems administration, OS hardening, and secure bootstrapping.
Proficiency in Python, Go, or Bash for automation and tooling integration.

Preferred / Bonus Skills

Experience with SBOMs, image signing, or container supply chain security.
Exposure to regulated environments (e.g., PCI DSS, HIPAA, FedRAMP).
Contributions to open-source security/compliance projects.