Posted 8 days ago

Security Engineer, DevSecOps - Mexico

Mexico CityRemoteFull-time

AI Summary

Security Engineer on the DevSecOps team designs and develops software solutions to protect data and infrastructure in the cloud, focusing on automation, cloud security tooling, and threat modeling integrated into the developer workflow.

About this role

All roles at JumpCloud® are Remote unless otherwise specified in the Job Description.

About JumpCloud®

JumpCloud® is the AI-powered unified IT management platform designed to secure the modern workforce. By consolidating identity, device, and access management, JumpCloud provides intelligent, secure IT that scales from human users to autonomous AI agents. We help organizations around the globe eliminate complexity and turn AI risk into an optimized advantage, ensuring the right people and agents have secure access to the right resources at all times.

JumpCloud is Intelligent, Secure IT.

About the team:

As a Security Engineer on the DevSecOps Team, you will be responsible for designing and developing software solutions for protecting data and infrastructure deployed into the cloud. The Security organization is composed of SecOps, GRC, and DevSecOps functions, but all functions work closely together so you will be exposed to many different security areas.

What you will be doing:

Infrastructure & Automation: Build and maintain infrastructure, including custom software and vendor integrations, to support Engineering’s Security needs (Product Security and Infrastructure Security).

Cloud Access Engineering: Design and implement secure, automated self-service workflows for cloud infrastructure access and privilege escalation (AWS/GCP).

Detection & Logging: Manage security infrastructure and SIEM configurations via Infrastructure as Code (Terraform) to ensure a highly auditable detection environment. Build and manage high-volume security data pipelines to ensure forensic logs are retained efficiently and cost-effectively.

Vulnerability & Posture Management: Help design, overhaul, and improve custom vulnerability aggregation systems to streamline remediation efforts. Manage and tune Cloud Security Posture Management (CSPM) and container security platforms to ensure optimal coverage and reduce alert fatigue.

Software Supply Chain & AppSec: Integrate and manage Software Supply Chain Security tooling to protect our developer ecosystem. Partner with Engineering to scale our threat modeling program, including developing automated and AI-assisted threat modeling pipelines built directly into the developer workflow.

Necessary skills:

4 years of software engineering experience with a strong interest or background in security engineering

Proficient in writing Golang or Python (more than simple scripts)

Experience with either AWS or GCP

Experience with Terraform

Experience with GitHub Actions

Excellent written and oral communication

Personal characteristics we are looking for:

Views security as an enabler, not an inhibitor to innovation

Results oriented and self driven

High level of integrity

Ownership and accountability

Clear communication

Creative problem solver

Passionate about security

Role requirements:

You must be available for on-call (after hours) duties for any internal tools/services this team owns

Serve as a responder in the on-call rotation for security incidents and alert triage.

Skills

AWSCI/CD AutomationCloud Security Posture ManagementContainer SecurityForensic LoggingGCPGitHub ActionsGolangInfrastructure As CodePythonSecurity ToolingSelf-service WorkflowsSIEMSoftware Supply Chain SecurityTerraformThreat ModelingThreat Modeling PipelinesVulnerability Management