DevSecOps Engineer

Company Overview

Open Innovation AI is a global technology company that specializes in developing advanced solutions for managing AI workloads. Its flagship product, the Open Innovation Cluster Manager (OICM), orchestrates complex AI tasks efficiently across diverse infrastructures. The platform is hardware-agnostic, optimized for various GPUs and accelerators hardware, and facilitates seamless integration and scalability for enterprise AI applications. Open Innovation AI focuses on optimizing and simplifying AI workload management and making AI technologies accessible to organizations of all sizes. With its innovative solutions, companies can reduce operational costs, accelerate time to value, and maximize their return on investment, ensuring that their AI strategies contribute directly to enhanced business outcomes.

Role Overview:

We're seeking an DevSecOps Engineer to implement security for our software products and AI/ML platform deployed across customer on-premises datacenter and cloud environments

Role Responsibilities:

• Build and maintain secure CI/CD pipelines (GitLab CI, ArgoCD) with integrated controls such as SAST, DAST, SCA, container scanning, image signing, SBOM generation, and policy-as-code enforcement for on-prem and AWS environments.
• Develop and manage Infrastructure-as-Code using Helm, Terraform, and Ansible to automate deployment and configuration of hybrid Kubernetes clusters (on-prem and EKS), ensuring consistent and secure baselines.
• Implement and maintain Kubernetes and container security controls including RBAC least-privilege, secrets management, network policies, Pod Security Admission, runtime protection tools and integrations with AWS IAM/KMS.
• Lead vulnerability management and remediation across clusters, runtimes, GPU operators, dependencies, and platform components, coordinating with DevOps, development, and ML teams to ensure timely fixes and compliance.
• Support secure operation of ML training and inference workloads by defining secure deployment patterns, protecting model artifacts, and enforcing least-privilege access across AI/ML data pipelines.
• Enhance observability, monitoring, and incident readiness using Prometheus, Grafana, Loki, and associated tooling to support operational security and audit requirements.
• Build automations and pipeline integrations using Python, Bash, or Go to strengthen security tooling, deployment workflows, and runtime controls.
• Collaborate with DevOps, Developers, Data/ML teams, and Security Architecture to maintain secure delivery practices, ensure audit ready documentation, and continually improve automation and platform security posture.
• Stay updated on emerging areas such as GPU isolation, confidential computing, and AI model security to enhance the security of hybrid GPU/AI platforms

Required experience & Qualification

• Bachelor’s degree in Computer Science, Information Security, Engineering, or related field, or equivalent practical experience.
• 5–8+ years of hands-on DevSecOps or security engineering experience supporting Kubernetes-based or distributed software platforms.
• Strong expertise with CI/CD automation (GitLab CI, ArgoCD) including integration of SAST/DAST/SCA, container scanning, SBOMs, and artifact signing.
• Deep knowledge of Kubernetes (on-prem and EKS), container runtimes, Helm, and secure con-figuration practices including RBAC, network policies, and secrets management.
• Practical experience with Infrastructure-as-Code (Terraform, Helm, Ansible) and automation for hybrid on-prem/AWS environments.
• Solid understanding of vulnerability management, CVE/CVSS scoring, remediation workflows, and securing containerized/GPU-accelerated workloads.
• Proficiency in scripting or automation (Python, Bash, or Go) to extend CI/CD workflows, integrate security controls, and build platform tooling.
• Strong communication and cross-team collaboration skills, with experience working in regulated or compliance-driven environments