Sr. DevSecOps Engineer

Remote /
Product, Data, and Engineering – Information Security /
Full time work anywhere
/ Remote
About Spruce

Spruce is the platform enabling modern real estate transactions. We work with forward-thinking mortgage lenders, real estate companies, and investors. We believe that the future of real estate will be driven by automation, efficiency, and digital experiences. Our mission is to  provide the products and services necessary to make that happen.

About the Role

Spruce is looking for an experienced DevSecOps engineer to join its growing Information Security team. The ideal candidate will have an interest in security and cloud technologies and will thrive in a fast-paced startup environment.

As a part of the Information Security team, you will work on enhancing infrastructure security, including reviewing and validating cloud configurations, deploying infrastructure as code, and remediating infrastructure and network vulnerabilities. Your ability to identify and help remediate tactical security concerns while keeping the strategic goals in mind will help us drive excellence in the security posture of the organization.

What You'll Do

    • Build and maintain an infrastructure security program for Spruce’s applications
    • Design and configure network security in the cloud to protect sensitive information
    • Partner with the Engineering to deploy and secure infrastructure and applications in our GCP cloud environment
    • Build and enhance CI/CD pipelines to deploy infrastructure, applications, and security tooling
    • Assess infrastructure security and tooling, provide recommendations, and implement solutions to enhance security posture
    • Utilize security tools to monitor assets and remediate findings to strengthen the security posture of the organization

Who You Are

    • Bachelor's Degree in one of the following: Information Security, Computer Engineering, Computer Science, Information Systems Management or relevant hands-on experience in Cybersecurity or Engineering 
    • Experience building infrastructure security programs with a cross-functional team in multiple workplaces
    • Experience deploying and managing networking and infrastructure in cloud environments
    • Hand-on experience developing and deploying Infrastructure as Code to manage infrastructure in cloud environments (Terraform, Ansible)
    • Experience with container technologies (Docker, Kubernetes, and Helm)
    • Excellent analytical and troubleshooting skills: monitor systems to identify threats and vulnerabilities, execute security architectures, and ensure there are no external threats
    • Certification in Information Security (CISSP, CISM, CCSP) or GCP (Cloud Engineer, Cloud DevOps Engineer) is a major plus


    • The anticipated annual compensation range for this position is $165,000 - $200,000.  Stock options are typically a part of the total compensation package determined on a role-by-role basis. Your actual compensation may vary depending on your relevant skills and experience.
    • We provide a competitive benefit package that includes 4 weeks paid PTO, 20 paid sick days, 12 weeks paid parental leave, and comprehensive medical, dental, and vision coverage.
    • We pride ourselves on a culture where everyone is treated with respect, kindness, and appreciation.
We are proud of the team we’re building. We're committed to equal opportunity employment -- and beyond. We believe diverse experiences and perspectives build a stronger team and a better product. We welcome fresh perspectives and challenge our own assumptions to make Spruce better. The more inclusive we are as a company, the better we can serve our customers.