Senior DevSecOps Engineer
ThriveCartSouth America, AmericasMar 1, 2026
Remote
senior
full time
About ThriveCart:
ThriveCart is the leading no-code sales platform for digital course creators, coaches, entrepreneurs, and online businesses looking to boost revenue, drive conversions, and scale audiences. ThriveCart powers over 65,000 businesses and 12 million enrolled students, generating over $2 billion in annual sales. The platform provides all the tools businesses need to create high-converting checkout experiences, manage powerful affiliate campaigns, and deliver seamless student experiences with its built-in learning management system, Learn/Learn+.
Location:
Remote (South America)
Must have full authorization to work in country of residence being in South America.
Job Overview
Hands-on DevSecOps engineer responsible for securing and maintaining ThriveCart's e-commerce platform infrastructure, deployment automation, and production observability. You will implement security automation, maintain monitoring systems, and enable engineering teams with security tooling while ensuring high availability.
Key Responsibilities
Infrastructure & Systems Security
Implement and maintain security scanning in CI/CD (SAST, dependency, container)
Harden AWS infrastructure (WAF, Security Groups) and manage network segmentation
Monitor security advisories, coordinate patching, and track vulnerability remediation
Manage encryption (rest/transit), secure compute resources, and audit IAM policies
Provide security tooling/dashboards and assist developers with findings
Threat Detection & Observability
Maintain CloudWatch dashboards (Payment metrics, Database health, API performance)
Configure GuardDuty/Security Hub and build alerts for DDoS, intrusion, and anomalies
Monitor production health, investigate anomalies, and perform root cause analysis
Build investigation queries for security incidents and maintain response runbooks
Monitor for penetration attempts, API abuse, and suspicious access patterns
Infrastructure as Code & Operations
Manage AWS resources via Terraform (EC2, RDS, IAM, VPC) with security-first configurations
Maintain zero-downtime CI/CD pipelines with integrated security gates and rollback mechanisms
Administer MariaDB databases (performance tuning, backups, access controls)
Maintain Docker-based dev environments and secure container configurations
Support compliance requirements (PCI-DSS) and manage evidence collection
Technical Environment
Primary: AWS (GuardDuty, WAF, CloudWatch, EC2, RDS), Terraform, Docker, MariaDB, Git, Linux
Security Tools: Snyk/SonarQube (SAST), Trivy (Container), Checkov (IaC), AWS Secrets Manager
Secondary: Nginx, Memcached, PHP 7.4 envs, GitHub Actions, Let's Encrypt
Required Skills
Experience (3-5 years)
Production operations for high-traffic web apps with a focus on security
Implementing security controls (WAF, IAM, scanning) in AWS environments
Infrastructure as Code (Terraform) and CI/CD security integration
Database administration (MariaDB/MySQL) and container security (Docker)
DDoS mitigation, incident response, and compliance framework experience
Skills
Security: Vulnerability assessment, threat detection, IAM design, secrets management
DevOps: CloudWatch alerting, Terraform module dev, Bash scripting, Log analysis
Soft Skills: Security-first mindset, calm under pressure, collaborative educator
What Success Looks Like
First 30-90 Days
Audit security posture and identify high-priority gaps
Implement automated security scanning in CI/CD pipeline
Deploy DDoS and intrusion detection monitoring (GuardDuty/WAF)
Reduce critical vulnerabilities by 40% through remediation
Ongoing Success Indicators
Zero successful penetration attempts due to unmonitored vectors
100% of infrastructure changes pass automated security review
Security vulnerabilities remediated within SLA (Critical: 24h)
Infrastructure deployed without incidents; high deployment confidence
On-Call & Benefits
Shared rotation (focus on revenue-critical & security alerts)
Competitive salary + Equity + Security certification sponsorship (CISSP, AWS Security)
Impact: Secure a revenue-critical platform serving real businesses
Learn More About ThriveCart:
Our team thrives on collaboration, innovation, and continuous growth. We foster an open environment with regular knowledge-sharing sessions and encourage active participation in shaping the platform. Our values include:
Commit to Excellence – We believe in delivering high-quality work and continuous improvement.
User-Focused Problem Solving – Every design should contribute to solving a real problem for our users.
Team Collaboration – We work better together, valuing input from every team member.
Growth Mindset – We embrace challenges as opportunities to learn and grow.