Senior Platform Engineer - DevSecOps

  • Full Time Job
  • Hybrid
  • AUD
Rosterfy
As a Senior Platform Engineer - DevSecOps at Rosterfy, you will be the hands-on security engineering owner for the cloud infrastructure that powers Rosterfy across AWS (our primary platform, running the main app and web app) and GCP (our data layer). You will own platform security, working with the broader engineering team to embed continuous, shift-left security as a paved road for every squad rather than a gate that slows them down.

You will be central to how we scale Rosterfy (event-driven architecture and domain-driven design), working across Kubernetes (EKS), CI/CD pipelines (BuildKite and GitHub), observability tooling, and infrastructure as code. Security is built into all of it: you will own secret management, identity and access, policy-as-code guardrails, vulnerability management, and the technical evidence behind our SOC 2, ISO 27001, & GDPR obligations, working alongside Engineering.

You will improve developer experience through better local workflows, automation, and consistent environments, and you will help us safely enable AI at scale: not just standing up LLM, RAG, and vector workloads, but securing them against prompt injection, data leakage, and supply-chain risk, and governing how AI coding assistants are used across the team. You will also shape how the platform evolves to support our data and ML ambitions across BigQuery, Vertex AI, and real-time event processing.

In your first 90 days you will document our security architecture and key operational runbooks, ensuring this critical knowledge is captured and resilient as the team grows.
Technical - Essential
  • 7+ years in DevOps, platform, or SRE roles supporting production SaaS, with security a recurring theme in your work (not necessarily a security job title).
  • Proficient with AWS (e.g. EKS, EC2, RDS, S3), infrastructure-as-code (e.g. AWS CDK), and CI/CD systems. Equivalent cloud experience transfers.
  • Strong Docker, Linux, and container orchestration fundamentals.
  • Hands-on with cloud identity, access, and secrets/key management (e.g. AWS IAM, KMS, Secrets Manager).
  • Experience embedding security into CI/CD pipelines: dependency, secret, container, and IaC scanning, with least-privilege by default. The practice matters more than the specific tools.
  • Familiarity with observability and incident management, including participating in incident response and on-call for both reliability and security events.
  • Experience supporting developer tooling and internal platform services.
Strongly Desirable
  • Experience operating in a compliance environment (SOC 2, ISO 27001, Essential Eight, or GDPR) and producing audit evidence.
  • Hands-on with Vanta (or comparable GRC/compliance automation), including resolving failing controls and producing audit evidence for an already-certified SOC 2 / ISO 27001 environment.
  • Comfortable working within our PHP/Laravel application codebase to remediate application-level security findings (dependency vulnerabilities, input handling, headers, encryption), not just infrastructure.
  • Exposure to cloud security tooling such as CNAPP/CSPM (e.g. Lacework, Wiz, Prisma); concepts transfer across products.
  • Familiarity with threat modelling and secure SDLC practices.
  • Awareness of software supply-chain security (SBOM, artifact signing, SLSA).
  • GCP infrastructure (e.g. GKE, IAM) and cost optimisation.

Bonus
  • AI/LLM security awareness (e.g. OWASP LLM Top 10, securing RAG and model endpoints).
  • A security certification such as AWS Security Specialty or CKS.
  • Data/ML platform exposure: BigQuery, Vertex AI, vector databases, and GenAI prompt-execution endpoints (OpenAI / Vertex AI Generative AI APIs).
  • Integrating observability for model performance, latency, and data drift (e.g. OpenTelemetry, Vertex AI Model Monitoring, WhyLabs, Evidently AI).

Character & Mindset
  • Resilient and adaptable – You embrace change and help others navigate ambiguity with calm and confidence.
  • Proactive problem solver – You identify issues early, take ownership, and push solutions forward without waiting to be asked.
  • Clear communicator – You articulate ideas clearly, write well, and listen with intent. You create shared understanding.
  • Product-minded – You’re curious about customer needs, ask “why?”, and advocate for solutions that deliver real value.
  • Leads through influence – You raise the bar by mentoring others, setting standards, and sharing knowledge — not by authority.
  • Documentation-first thinker – You value written clarity, and help your team by documenting decisions, code, and processes.

Key Responsibilities
  • Maintain and evolve our cloud infrastructure and container platform (currently AWS EKS, managed via click-ops, which needs to be migrated to infrastructure as code such as Terraform). Equivalent experience on comparable platforms is welcome: strong IaC and container fundamentals matter more to us than exact tool parity.
  • Triage and resolve failing tests and security alerts from Vanta, working with the engineering team and delegating where needed.
  • Play a key role in maintaining our existing SOC 2 and ISO 27001 posture: automate control enforcement and evidence collection in Vanta, remediate gaps before they become audit findings, and own the technical evidence during surveillance and recertification audits.
  • Make key recommendations, and experiment with and implement new tooling in conjunction with the Head of Engineering.
  • Own platform security as a first-class outcome: secure-by-default infrastructure, least-privilege access, and security guardrails encoded as policy-as-code so squads inherit safe defaults.
  • Keep systems observable, cost-optimised, and scalable, treating security signals (configuration drift, misconfiguration, anomalous access) as first-order telemetry alongside performance.
  • Automate build, deployment, and release workflows in our CI/CD (currently BuildKite and GitHub, or comparable pipelines), with security embedded in the pipeline: dependency, secret, container, and IaC scanning, plus signed and traceable builds.
  • Collaborate with squads to improve developer productivity and environment consistency
  • Implement monitoring, alerting, and logging solutions (e.g., OpenTelemetry, CloudWatch or similar)
  • Own the technical side of secrets management, identity and access (RBAC/IAM), and audit logging, and automate the control enforcement and evidence collection (Vanta) behind our compliance programs (SOC 2, ISO 27001), partnering proactively with Engineering.
  • Evaluate infrastructure readiness for data workloads (Vertex AI, BigQuery, Looker)
  • Participate in incident response & on-call for both reliability and security incidents: detection, triage, containment, root-cause analysis, & post-incident review that feeds back into our controls and compliance evidence.
  • Conduct experiments that have been signed off by the Head of Engineering and CTO, and advise on AI tooling to help with automation and infrastructure health as we grow and scale.
  • Ensure infrastructure readiness for AI/ML workloads including BigQuery, Vertex AI, vector DBs (e.g., Pinecone), and GenAI pipelines.
  • Play a key role in Engineering Discovery, ensuring the appropriate observability, logging, monitoring and support attributes are in place to productionise features.

Building for AI Capability
  • Build security into our AI platform from the start: LLM security controls (e.g. OWASP LLM Top 10), prompt-injection and data-leakage protection, tenant isolation and PII handling for RAG and vector stores, and access control on model endpoints.
  • Maintain visibility and provenance over AI components.
  • Deploy embedding/vector DBs and RAG pipelines.
  • Work with ML and GenAI models via Vertex AI, OpenAI, Claude, etc.

Benefits
  • Competitive salary offering
  • Paid time off to participate in volunteering activities
  • Referral bonuses and recognition programs

Why you want to work with us

- Rapid Growth: Rosterfy is a rapidly expanding company, doubling in size every year. Backed by top investors, Rosterfy is on a rocket ship trajectory, set for incredible growth and success.
- Global Impact: We are reshaping volunteering globally and have an ambitious goal to redefine what it means to be a volunteer. Work with us, and be certain that you will make an impact.
- Well-liked: with 4.5 stars on Capterra, 4.4 stars on G2, and winners of various awards, we are well liked by clients and recognised for our exceptional service and innovative solutions.
- Awesome clients: We've been the volunteer management platform for 7 consecutive Super Bowls, Lifeline, & Oxfam amongst many other happy clients across 26 countries.
- Competitive salary: We offer a competitive salary commensurate with experience and qualifications, along with comprehensive benefits.