Senior DevOps Engineer (Product Security)
Job Summary
Job Description
WHOOP is seeking a motivated Senior Dev(Sec)Ops Engineer to join their Software Platform group, focusing on advancing secure cloud infrastructure and engineering practices. The role involves collaborating with various teams to drive security governance, infrastructure automation, and secure development within a high-scale AWS environment. Responsibilities include implementing secure-by-default configurations, IAM access controls, policy-as-code frameworks, and infrastructure as code using tools like Terraform. The engineer will also develop guardrails, monitoring, and risk mitigation strategies, act as a security champion, participate in incident response, and support compliance initiatives. The ideal candidate will have at least 5 years of experience in DevOps or Cloud Engineering with a focus on security, expertise in AWS services, and experience with infrastructure as code tools.
Must have:
- 5+ years of experience in DevOps, SRE, or Cloud Engineering
- Expertise in AWS services (IAM, EC2, S3, RDS, Lambda, etc.)
- Experience with infrastructure as code tools (Terraform preferred)
- Strong cloud security best practices knowledge
- Experience with CI/CD pipelines and security monitoring tools
- Scripting/programming skills (Python, Go, Java, Javascript, Bash)
Good to have:
- Experience with Kubernetes/EKS
- Experience with Cloudflare, CDN, TLS/SSL, DNS
- Experience with SOC2, HIPAA, or GDPR compliance
16 skills required
Job Details
At WHOOP, we're on a mission to unlock human performance. WHOOP empowers members to perform at a higher level through a deeper understanding of their bodies and daily lives. We are looking for motivated engineers to join our team on our mission.
The Software Platform group focuses on building technology that enables rapid user growth worldwide and accelerates product development across our entire software organization, while ensuring stability, security, and compliance. We handle massive amounts of data continuously streaming to the cloud from everyday people to elite athletes. The team builds shared services and custom tooling that enables our developers to deliver value to those customers.
We are looking for a Senior Dev(Sec)Ops Engineer to join our team and take ownership of advancing secure cloud infrastructure and engineering practices across the organization. You’ll collaborate with infrastructure, product and data science teams to drive security governance, infrastructure automation, and secure development practices in a high-scale AWS environment.
RESPONSIBILITIES:
- Drive security governance across AWS environments, advocating for and implementing secure-by-default configurations, IAM access controls, and policy-as-code frameworks.
- Design and implement infrastructure as code using tools like Terraform and Spacelift to manage cloud infrastructure in a scalable and auditable way.
- Collaborate with Data Science, Platform, and Product teams to embed security into the software delivery lifecycle, CI/CD pipelines, and runtime environments
- Develop guardrails and monitoring to detect and prevent misconfigurations, insecure defaults, and policy violations.
- Implement and manage risk mitigation strategies for cloud infrastructure, including automated backups, disaster recovery planning, and data retention policies to ensure business continuity and data integrity.
- Act as a security champion, educating engineers and stakeholders on cloud security principles, secure infrastructure design, and compliance requirements.
- Participate in incident response and remediation efforts related to cloud or infrastructure security events.
- Support compliance initiatives (e.g., SOC2, GDPR, SaMD) by ensuring infrastructure controls are auditable, testable, and well-documented.
RESPONSIBILITIES:
- 5+ years of experience in DevOps, Site Reliability, or Cloud Engineering roles, with a focus on securing cloud infrastructure.
- Expertise in AWS services and architectures, including networking, IAM, EC2, S3, RDS, CloudTrail, Config, IdentityCenter, Organizations and Lambda.
- Proven experience with infrastructure as code tools like Terraform (preferred), AWS CDK, or Pulumi in production environments.
- Strong foundation in cloud security best practices, including least privilege access, resource isolation, logging/monitoring, and vulnerability management.
- Hands-on experience with container orchestration and infrastructure platforms (e.g., Kubernetes, EKS).
- Strong scripting or programming skills in languages like Java, Python, Javascript, Go, and/or Bash.
- Familiarity with CI/CD pipelines, secrets management, and automated security scanning and monitoring tools (e.g., SAST, CNAPP, SIEM, etc).
- Bonus: Experience with modern web hosting technologies, including Cloudflare, CDN management, TLS/SSL certificate handling, and DNS configuration for scalable and secure application delivery.
- Bonus: Experience working in environments with SOC2, HIPAA, or GDPR compliance requirements.
ABOUT YOU:
- You’re a proactive problem-solver who thrives on ownership and is passionate about raising the security bar.
- You prioritize automation in everything you do, continuously seeking opportunities to streamline processes and eliminate manual steps through reliable, scalable tooling.
- You enjoy working cross-functionally and can clearly communicate complex security issues to both technical and non-technical stakeholders.
- You understand that security is a shared responsibility and believe in building guardrails over roadblocks.
- You value quality, reliability, and visibility as much as speed and scale.
Learn more about our engineering teams and how to be successful in your engineering career at WHOOP via our Career Framework.
This role is based in the WHOOP office located in Boston, MA. The successful candidate must be prepared to relocate if necessary to work out of the Boston, MA office.
Interested in the role, but don’t meet every qualification? We encourage you to still apply! At WHOOP, we believe there is much more to a candidate than what is written on paper, and we value character as much as experience. As we continue to build a diverse and inclusive environment, we encourage anyone who is interested in this role to apply.
WHOOP is an Equal Opportunity Employer and participates in E-verify to determine employment eligibility. It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.
Similar Jobs
Looks like we're out of matches
Set up an alert and we'll send you similar jobs the moment they appear!
Similar Skill Jobs
Looks like we're out of matches
Set up an alert and we'll send you similar jobs the moment they appear!
Jobs in Boston, Massachusetts, United States
Looks like we're out of matches
Set up an alert and we'll send you similar jobs the moment they appear!
Product Management Jobs
Looks like we're out of matches
Set up an alert and we'll send you similar jobs the moment they appear!
