DevSecOps Engineer

Job Description

Job Description

Rumble is the Freedom-First technology platform. We proudly offer a video platform, cloud services, advertising solutions, and a non-custodial cryptocurrency wallet.

Rumble Cloud is seeking a DevSecOps Engineer to embed security throughout the software development lifecycle for our cloud platform and customer-facing services. This is a hands-on engineering role that owns our Secure Software Development Lifecycle (SSDLC) end to end: you'll design it, operate it, partner with engineering teams to remediate vulnerabilities, and continuously harden the CI/CD pipelines that ship Rumble Cloud to production.

Our platform is built on OpenStack and Ceph, and this role sits at the intersection of application security, platform engineering, and developer enablement. You should be comfortable reviewing pipeline configurations, triaging SAST, DAST, SCA, and container scanning findings with developers, and driving practical security improvements across Python, Go, and TypeScript codebases without becoming a bottleneck to delivery.

You'll work closely with application, platform, and infrastructure teams, with architectural guidance from our Software Architect, to make security a core part of how we build and ship software. That includes defining secure coding standards, integrating automated security tooling into CI/CD, improving software supply chain integrity, supporting audit readiness, and helping engineers make sound, scalable security decisions in a fast-moving cloud environment.

Responsibilities

• Own the SSDLC end to end, including secure coding standards, threat modeling, security gates, policy-as-code, and documentation suitable for audits, in partnership with the Software Architect in an advisory capacity.

• Drive vulnerability identification, triage, and remediation across Python, Go, and TypeScript/React codebases, partnering directly with engineers to prioritize and fix issues effectively.

• Design, harden, and optimize CI/CD pipelines using tools such as GitHub Actions, GitLab CI, Jenkins, or similar systems, ensuring security controls are integrated cleanly into developer workflows.

• Integrate and operate security tooling across the software delivery lifecycle, including SAST, DAST, SCA, secret scanning, container scanning, and dependency analysis.

• Implement secure software supply chain practices such as signed artifacts, SBOM generation, provenance controls, and related guardrails for build and release processes.

• Manage secrets, credentials, and signing keys used by build and deployment pipelines, applying least-privilege access, rotation, and secure storage practices.

• Partner with engineering teams to review code, assess risk, and recommend practical remediation approaches that improve security without unnecessarily slowing delivery.

• Support security incident response and post-incident follow-up for application and platform issues, helping identify root causes and drive durable fixes.

• Contribute to audit readiness and evidence collection for frameworks such as ISO 27001, SOC 2, PCI DSS, or FedRAMP, especially where CI/CD controls and engineering practices are in scope.

• Mentor engineers on secure development practices and help establish a culture where security is built into design, implementation, and release processes from the start.

Qualifications

• Experience in a DevSecOps, application security, or product security role, including designing and operating a Secure Software Development Lifecycle (SSDLC).

• Hands-on experience with CI/CD systems such as GitHub Actions, GitLab CI, Jenkins, or similar, including pipeline design, optimization, and hardening.

• Strong knowledge of application security tooling including SAST, DAST, SCA, and container scanning, along with a practical understanding of the OWASP Top 10.

• Ability to read and review code in at least one of Python, Go, or TypeScript and to work directly with developers on remediation.

• Experience with Docker and Kubernetes, secrets management systems such as Vault, and authentication patterns such as OAuth2 and OpenID Connect.

• Strong communication and collaboration skills, with the ability to influence engineering teams and drive secure practices without direct authority.

Preferred Qualifications

• Security certifications such as CSSLP, OSCP, GWAPT, CISSP, or equivalent.

• Experience with software supply chain security practices and tooling, including SLSA, Sigstore/cosign, and SBOM generation or validation.

• Familiarity with OpenStack, Ceph, or other large-scale open-source infrastructure platforms.

• Experience supporting audits or compliance initiatives such as ISO 27001, SOC 2, PCI DSS, or FedRAMP, including evidence collection tied to CI/CD and engineering controls.

• Experience with threat modeling methodologies such as STRIDE or PASTA, and with IaC security scanning across Terraform, Ansible, and Kubernetes manifests.

• Familiarity with multi-tenant SaaS or public cloud environments, and experience operating Rocky Linux or Ubuntu in production.

Annual Compensation Range:

$165,000 - $195,000 USD base + benefits + equity (If based in the United States)

$122,000 - $158,000 CAD base + benefits + equity (If based in Canada)

Note: The salary range listed for this position is a good faith estimate based on experience, qualifications, and internal compensation structure. The actual salary offered varies depending on the candidate's skill level and experience. This posting refers to an active vacancy within the organization.

Why Our Team Loves Working Here:

• We are making a significant financial impact for our video creator community; we're proud of their success stories
• We enjoy challenging the status quo and going head-to-head against Big Tech
• We aren't afraid to try new things; we act fast and want to win
• We pay competitive salaries and provide great benefits

EEO Statement:
Rumble is an equal opportunity employer.  We promote an equal playing field where everyone has the same opportunities regardless of race, religion, color, national origin, sex, sexual orientation, age, veteran status, disability status, or any other applicable characteristics protected by law. Rumble is an active participant in the e-verify program.

Physical demands of the position:
While performing the duties of this job, the employee is regularly required to sit for prolonged periods of time while using a computer and/or keyboard. The employee is required to communicate verbally and hear. The employee may be required to walk, reach with hands and arms, balance, and stoop or kneel. The employee may occasionally be required to lift and/or move up to 15 pounds. Specific vision abilities required by this job include clarity of vision at approximately 20 inches or less (i.e., working with small objects or reading small print), including the use of computers.