DevSecOps Engineer

is a new way to build production-ready UI and graphics — with rich interactivity and state-driven animation. We're on a mission to make hard-coded graphics a thing of the past with a new general-purpose graphics format for all types of software and Ul. Rive empowers teams to iterate faster and build better products.

We’ve seen tremendous organic growth over the last few years. Our innovative customers include tech giants, game studios, consumer apps with millions of users… there are even Rive pixels in space! 

As our enterprise customer adoption increases so does our need for trust, security and SOC 2 and ISO 27001 certification. We're looking for our first DevSecOps Engineer with a strong SaaS security background who will bring lessons learned to help us continuously improve our infrastructure, implement best-in-class security practices, and lead our certification efforts. You’ll help shape the security function as Rive grows - with the opportunity to grow into a security leadership role.

Some of what you’ll do

• Security & Compliance
• Lead Rive’s SOC 2, ISO 27001, and other security certification processes, partnering with external vendors and auditors.
• Maintain and document security policies, controls, and procedures across infrastructure and engineering.
• Monitor and maintain security posture (e.g. IAM, encryption, vulnerability scans, audit logs).
• Work with teams across the company to implement security-by-design practices.
• Be the point of contact for all presales customer security reviews.
  
• DevOps & Infrastructure
• Implement infrastructure-as-code practices and ensure secure deployment pipelines.
• Improve our CI/CD pipelines, observability, and cloud infrastructure on AWS.
• Collaborate with engineering teams to ensure systems are secure, scalable, and maintainable.
• Automate compliance requirements using tools like Vanta, Drata, or similar.

• Security Culture & Enablement
• Conduct periodic risk assessments, access reviews, and incident response drills.
• Educate and empower the team to follow secure development and data handling practices.
• Help shape the security function as Rive grows - with the opportunity to grow into a security leadership role.
  

• 3+ years in DevOps, Infrastructure or Security Engineering with a SaaS product (prior startup or UGC company experience is a big plus). 
• Proactive communicator who can work autonomously, cross-functionally and translate security needs into practical solutions.
• Strong cloud security experience with AWS,  including IAM, secure VPC design, security groups, S3 permissions, CloudTrail, GuardDuty, and KMS.
• Experience working with cloud platforms in containerization, and modern CI/CD.
• Proficiency with infrastructure-as-code tooling, preferably Terraform.
• Deep understanding of secure web development principles, authentication and common application, language and API vulnerabilities. OWASP Top 10.
• Hands-on scripting and automation experience using one of the following; Python, Bash, Node.js, or similar languages.
• Proven experience with vulnerability management, including static code analysis, container scanning, and dependency scanning.
• Familiarity with security compliance frameworks such as SOC 2 or ISO 27001, including evidence collection and support for audits. Prior participation in the certification process is a plus.
• Exposure to governance, risk, and compliance (GRC) platforms such as Vanta or Drata and writing policies.

Location: San Francisco, CA preferred (hybrid) or US and Canada (remote)

Compensation and benefits: We offer a remote centric work environment, comprehensive health, dental, and vision coverage as well as stock options. Rive is committed to fair and equitable compensation practices. Compensation may depend on various factors including, but not limited to relevant work experience, skills, and geographic location. The salary range for this role is $135,000 to $170,000. 

At Rive we are a global group of passionate designers and developers who believe in transparency, failing fast, quick iteration, and experimentation. We aim to build a diverse and inclusive culture where everyone feels supported.

Help us accelerate the design industry's transition to Rive!