Security & DR Automation Engineer (RARR Job 5421)

We are seeking a Senior Infrastructure Security & Compliance Engineer to lead the integration of security scanning, policy enforcement, compliance validation, and backup automation into a fully GitOps-managed GPU cloud stack. This role focuses on delivering ZeroTouch Build, Upgrade, and Certification pipelines across hardware, OS, and Kubernetes platform layers in an on-premises GPU cloud environment.

Key Responsibilities

• Design and implement GitOps-native workflows to automate security compliance and backup validation across the GPU cloud lifecycle.

• Integrate Trivy into CI/CD pipelines for container and system image vulnerability scanning.

• Automate kubebench execution and remediation workflows to enforce Kubernetes security benchmarks (CIS/STIG).

• Define and enforce policy-as-code using OPA/Gatekeeper to validate cluster and workload configurations.

• Deploy and manage Velero for Kubernetes-native backup and disaster recovery automation.

• Maintain declarative, auditable Git-backed repositories for all compliance and backup logic.

• Collaborate with infrastructure, platform, and security teams to:

  • Define security baselines

  • Enforce drift detection

  • Integrate automated guardrails into pipelines

• Drive remediation automation and post-validation gates across build, upgrade, and certification processes.

• Monitor evolving security threats and ensure tooling is updated to detect vulnerabilities, misconfigurations, and compliance drift.

Required Skills & Experience

• 10+ years of hands-on experience in infrastructure/platform automation and systems security.

• Core expertise in: Python, Go, Bash scripting, OPA Rego policy writing, CI integration for Trivy, kubebench, and GitOps workflows.

• Strong knowledge and practical experience with:

  • Trivy – Container, filesystem, and configuration scanning

  • kubebench – Kubernetes CIS benchmark compliance

  • Velero – Kubernetes-native backup & disaster recovery

  • OPA/Gatekeeper – Policy-as-code and admission control

• Deep understanding of GitOps workflows (e.g., Argo CD, Flux) and declarative security tool integration.

• Proven track record of automating security compliance and backup validation in CI/CD pipelines.

• Solid foundation in Kubernetes internals, RBAC, pod security, and multi-tenant best practices.

• Familiarity with vulnerability management lifecycles and security risk remediation strategies.

• Experience with Linux systems administration, OS hardening, and secure bootstrapping.

• Proficiency in Python, Go, or Bash for automation and tooling integration.

Preferred / Bonus Skills

• Experience with SBOMs, image signing, or container supply chain security.

• Exposure to regulated environments (e.g., PCI DSS, HIPAA, FedRAMP).

• Contributions to open-source security/compliance projects.