*This role is open to remote or hybrid candidates (East Coast preference), with hybrid being central to our New York, NY or Charlotte area offices. Must be able to work Eastern Standard Time hours.
Platform Engineering builds the foundations our product teams ship on — deployment, infrastructure, and security. We're hiring a DevSecOps Engineer to be the technical owner of our security posture and a force multiplier for every engineer at the company. This is a build-the-function role, not a ticket-taking role. You'll treat security as code, bake it into the development lifecycle, and automate the toil away so teams can ship fast and safely. You'll have unusually broad ownership and unusually high impact.
What You’ll Do:
- Own the engineering side of our compliance program (SOC 2 Type 2): implementing controls, collecting evidence, and keeping us audit-ready.
- Operate our compliance automation platform — integrations, evidence pipelines, and mapping controls to real implementation.
- Productize compliance: policy-as-code, automated evidence generation, and guardrails so passing audits doesn't slow product delivery.
- Own cloud security posture management and runtime security tooling: posture monitoring, container and IaC scanning, and runtime coverage across our environment.
- Triage and remediate findings against demanding SLAs, and design the automation and alerting that keeps pace with volume manual effort can't.
- Build auto-remediation workflows — including AI-assisted pipelines — that detect, file, and (where safe) fix findings with minimal human intervention.
- Build and maintain CI/CD security gates: SAST/SCA, secret scanning, SBOM generation, dependency management, and container/IaC scanning — implemented as reusable pipeline components and enforced through automated policy.
- Encode security and compliance controls into infrastructure-as-code and policy-as-code so the easy path is the secure path.
- Help close the prototype-to-production gap: turn fast-moving prototypes into production-grade, secure-by-default systems with automated guardrails.
- Make secure-by-default the norm through our internal tooling, so the right controls are applied automatically rather than relying on engineers to remember.
- Build the automation the team runs on — reusable modules, pipeline components, and AI/agentic tooling that turn manual security work into self-service capability.
- Partner with corporate security and GRC functions while building and maturing our in-house security capability, so the team can make sound security decisions quickly and independently
What We’re Looking For:
- 5+ years in security engineering, DevSecOps, or platform/infrastructure engineering with a strong security focus (Staff level: 8+ years and a track record of building security functions or programs).
- Deep hands-on cloud security experience (compute, networking, IAM, key management, logging) on a major cloud provider.
- Strong infrastructure-as-code skills, especially Terraform, including policy-as-code.
- Proven CI/CD security experience: building pipeline security controls (SAST/SCA, secret scanning, dependency and container scanning) into developer workflows.
- Hands-on vulnerability management at scale: triage, prioritization, SLA-driven remediation, and the automation to make it sustainable.
- Working knowledge of SOC 2 (or comparable frameworks) and what it takes to implement and evidence controls in a real engineering environment.
- Fluency with the categories of modern cloud security tooling — CSPM, ASPM/SAST and secret scanning, compliance automation, and SIEM (e.g., tools such as Wiz, Prisma Cloud, Snyk, Drata, Vanta, or equivalents).
- Strong coding/scripting ability to build automation, not just configure tools — you write the pipelines, modules, and tooling that scale security across many services.
- Experience standing up or maturing an in-house security function.
- Multi-cloud exposure and experience securing an internal developer platform.
- Security monitoring and detection/alerting design.
- Experience applying AI/LLM tooling to security operations — auto-remediation, evidence generation, agentic workflows.
Compensation:
This range reflects total cash compensation, which may include base salary only or base salary plus target bonus, depending on the role. Where eligible, equity may also be offered separately and not included below. Actual compensation varies based on location, experience, and qualifications.
- Total Cash Compensation Range: $130,000 – $225,000 per year
Additionally, the following benefits are provided by Red Ventures, subject to eligibility requirements.
- Health Insurance Coverage (medical, dental, and vision)
- Life Insurance
- Short and Long-Term Disability Insurance
- Flexible Spending Accounts
- Holiday Pay
- 401(k) with match
- Employee Assistance Program
- Paid Parental Bonding Benefit Program
- Flexible Paid Time Off (PTO): We believe time to rest and recharge is essential. That’s why we offer a generous and flexible PTO policy. Full-time employees accrue 20 days of PTO for a full calendar year annually, with an increase to 25 days after five years of service.
Who We Are:
Bankrate is where Americans go to get the best price on life's most important financial decisions. By combining proprietary data, advanced technology, and deep market coverage, Bankrate helps consumers compare options and make confident financial choices across mortgages, credit cards, savings, and more. As a rate provider to the Federal Reserve and the benchmark relied upon by major publishers and policymakers nationwide, Bankrate's rate data is the national standard. This commitment to precision is reflected across all its products. In mortgages, proprietary auction technology puts lenders in real-time competition on price alone, consistently delivering rates in the lowest 10% in the country. For deposits, the platform features exclusively top-tier rates in the top 10% nationally, while its credit card coverage encompasses more than 90% of the market by volume. Founded by a journalist, Bankrate remains dedicated to its founding mission of transparency, honest information, and real competition — helping to make the American dream more affordable for everyone.
Red Ventures is an equal opportunity employer that does not discriminate against any employee or applicant because of race, creed, color, religion, gender, sexual orientation, gender identity/expression, national origin, disability, age, genetic information, veteran status, marital status, pregnancy or any other basis protected by law. Employment at Red Ventures is based solely on a person's merit and qualifications.
We are committed to providing equal employment opportunities to qualified individuals with disabilities. This includes providing reasonable accommodation where appropriate. Should you require a reasonable accommodation to apply or participate in the job application or interview process, please contact [email protected].
If you are based in California, we encourage you to read this important information for California residents linked here.
At Red Ventures, we believe in real human connection. That’s why we do not hire someone through text, social media, or email only. As part of the hiring process, you should expect live conversations with RV teammates before any offer is made. Also, keep an eye on the sender: we only use official @redventures.com email addresses at the portfolio level or business specific email addresses (e.g., @thepointsguy.com), not ones like “redventurescareer.com.” We will never ask candidates to send money, buy equipment, or share financial account info during your journey with us. You can always find our open roles on redventures.com— if you receive a message that seems suspicious, please use redventures.com to verify the opportunity.
For more, the U.S. Federal Trade Commission has published helpful articles to help individuals learn more about protecting themselves from recruiter scams. If you think you’ve been targeted, feel free to report it to your local authorities. Stay safe out there!
Similar Jobs at Bankrate
What you need to know about the Boston Tech Scene
Key Facts About Boston Tech
- Number of Tech Workers: 269,000; 9.4% of overall workforce (2024 CompTIA survey)
- Major Tech Employers: Thermo Fisher Scientific, Toast, Klaviyo, HubSpot, DraftKings
- Key Industries: Artificial intelligence, biotechnology, robotics, software, aerospace
- Funding Landscape: $15.7 billion in venture capital funding in 2024 (Pitchbook)
- Notable Investors: Summit Partners, Volition Capital, Bain Capital Ventures, MassVentures, Highland Capital Partners
- Research Centers and Universities: MIT, Harvard University, Boston College, Tufts University, Boston University, Northeastern University, Smithsonian Astrophysical Observatory, National Bureau of Economic Research, Broad Institute, Lowell Center for Space Science & Technology, National Emerging Infectious Diseases Laboratories

