Senior DevOps Security Engineer

About Us

At Cast & Crew, we’ve empowered creativity and supported the global entertainment industry for decades. Together with our family of brands - Backstage, CAPS, Checks & Balances, Final Draft, Media Services, Sargent-Disc, and The TEAM Companies – we operate as a combined entertainment technology and services provider offering industry standard screenwriting accounting software, digital payroll products, data & reporting, and a host of creative tools. The industry continues to move faster than ever, and the need for our expertise, our technology, and our people has never been greater. We are a production’s best ally every step of the way. #OneCastOneCrew

Job Overview
We are seeking a highly skilled Senior DevOps Security Engineer to join our forward-thinking IT organization. This full-time role will focus on securing our DevOps pipelines, cloud infrastructure, applications, and database environments, with a strong emphasis on AWS and Azure cloud security. The ideal candidate will have 8-10 years of experience in DevOps, specializing in identifying and resolving security vulnerabilities in infrastructure, applications (Java, Node.js, .NET), and databases (MSSQL, MySQL, PostgreSQL) hosted on Azure and AWS RDS. You will bring expertise in ingress/egress network firewalls, security tools (e.g., Pentest, Orca, Nexus), and SOC controls to ensure our systems are robust and compliant. This role will collaborate with development, operations, and security teams to champion secure DevOps practices across the board. You will lead the design and implementation of secure, scalable cloud solutions, leveraging AWS EKS for container orchestration, AWS Control Tower for governance, and infrastructure-as-code practices using Terraform.

Key Responsibilities

• Design, implement, and maintain secure DevOps pipelines and infrastructure in AWS and Azure environments, adhering to cloud-native security best practices.
• Secure AWS RDS instances hosting MSSQL, MySQL, and PostgreSQL databases, including encryption, access controls, and vulnerability management.
• Identify, assess, and resolve security vulnerabilities in infrastructure, applications written in Java, Node.js, and .NET, and database systems.
• Configure and manage ingress/egress network firewalls to protect cloud, on-premises, and database environments from unauthorized access and threats.
• Utilize security tools such as Snyk, Pentest, Orca, Nexus, and others to perform vulnerability scans, penetration testing, and risk assessments across infrastructure and databases.
• Proven expertise in leading AWS-based solutions, including architecting and managing AWS EKS for Kubernetes workloads, AWS Control Tower for governance, and services like EC2, S3, VPCs, IAM, and Security Groups—AWS experience is mandatory.
• Hands-on experience designing, deploying, and securing AWS EKS clusters, including cluster autoscaling, logging (e.g., CloudWatch), monitoring, and integration with CI/CD pipelines.
• Demonstrated ability to implement and manage AWS Control Tower for multi-account governance, compliance, and security policy enforcement.
• Collaborate with development teams to integrate security into CI/CD pipelines, ensuring secure code deployment, infrastructure-as-code, and database configurations.
• Conduct security audits and ensure compliance with SOC controls (e.g., SOC 2), providing documentation and remediation plans for infrastructure and database security.
• Monitor and respond to security incidents using cloud security services and database-specific monitoring tools.
• Harden cloud infrastructure (e.g., IAM policies, encryption, network security groups) and database environments to mitigate risks and align with industry standards.
• Stay current on emerging security threats, tools, and best practices, providing actionable recommendations to enhance our security posture.
• Mentor team members on DevOps security practices, including database security, to foster a security-first mindset across the organization.

Required Skills and Qualifications

• Experience: 8-10 years of professional experience in DevOps with a strong focus on cloud and database security.
• AWS Cloud Security: Expertise in securing AWS environments, including EC2, S3, VPCs, IAM, and Security Groups—AWS experience is mandatory.
• AWS RDS Security: Proven experience securing AWS RDS instances running MSSQL, MySQL, and PostgreSQL, including encryption, auditing, and access management.
• Azure Cloud Security: Strong skills in securing Azure infrastructure, including Azure AD, Virtual Networks, Key Vault, and Sentinel—Azure experience is mandatory.
• Database Security: Hands-on experience securing MSSQL, MySQL, and PostgreSQL databases, including vulnerability assessment and hardening techniques.
• Application Security: Proficiency in identifying and resolving vulnerabilities in Java, Node.js, and .NET applications, including secure coding practices.
• Network Security: Deep knowledge of ingress/egress firewall configuration, network segmentation, and traffic monitoring (e.g., AWS WAF, Azure Firewall).
• Security Tools: Expertise with tools like Pentest, Orca, Nexus, or similar for vulnerability management, penetration testing, and dependency scanning.
• SOC Controls & Audits: Strong familiarity with SOC 2 compliance, audit preparation, and control implementation for infrastructure and databases.
• Experience with CI/CD tools (e.g., Jenkins, GitLab, Azure DevOps) and integrating security into automated workflows.
• Master’s degree in computer science, Information Security, or a related field (or equivalent experience).
• Strong analytical skills and the ability to troubleshoot complex security issues in a fast-paced environment.
• Excellent communication skills to collaborate with technical teams and present findings to leadership.
• Certifications such as AWS Certified Security – Specialty, Microsoft Certified: Azure Security Engineer Associate, CISSP, or CEH.
• Experience with container security (e.g., Docker, Kubernetes)
• Familiarity with scripting languages (e.g., Python, Bash, PowerShell) for security automation.
• Knowledge of additional security frameworks (e.g., NIST, ISO 27001) or compliance standards beyond SOC.

Special Work Conditions

• Sedentary – Involves sitting most of the time but may involve walking or standing for brief periods of time. Some positions may entail exerting up to 15 lbs. of force occasionally and/or a negligible amount of force to lift, carry, push, or pull.

Benefits

Cast & Crew provides a comprehensive package of employee benefits including: Medical, Dental, Vision, PTO, health and wellness programs, employee discounts, and more! Note: Cast & Crew benefits are subject to eligibility requirements.

Cast & Crew is an equal opportunity employer committed to hiring a diverse workforce and sustaining an inclusive culture. It is our policy to provide equal employment opportunities to all individuals based on job-related qualifications and ability to perform a job, without regard to age, gender, gender identity, sexual orientation, race, color, religion, creed, national origin, disability, genetic information, veteran status, citizenship or marital status, and to maintain a non-discriminatory environment free from intimidation, harassment or bias based upon these grounds.

CA residents
Your personal information may be collected in connection with certain services provided by Cast & Crew or its affiliated companies. A summary of your California privacy rights can be found at: https://www.castandcrew.com/privacy-policy/

Compensation is commensurate with various factors including, but not limited to, relevant experience, qualifications, skills, training, licensure, certifications, geographic cost of labor, and other business and organizational needs. Compensation range for candidates in other locations may differ based on the cost of labor in that location. The compensation range for this position is: $140,000.00 - $160,000.00 per year.