DevSecOps Engineer

Hadrian — Manufacturing the Future

Hadrian is building autonomous factories that help aerospace and defense companies manufacture rockets, satellites, jets, and ships up to 10x faster and up to 2x cheaper. By combining advanced software, robotics, and full-stack manufacturing, we are reinventing how America produces its most critical parts.

We recently raised $260 million dollar Series C to accelerate this mission. We are excited to be launching a new Factory in Mesa, Arizona, a 270,000 square foot facility that will create 350 new jobs immediately. We are opening a new headquarters to support thousands of future hires, launching Hadrian Maritime to serve naval production, and introducing a Factory-as-a-Service model that delivers complete systems instead of individual parts.

Hadrian works with startups, Tier 1 and Tier 2 suppliers, and major defense contractors across space, shipbuilding, and aviation to scale production, reduce costs, and accelerate delivery on mission-critical programs. We are backed by leading investors including Lux Capital, Founders Fund, and Andreessen Horowitz. Our fast-growing team is united by a shared mission to reindustrialize American manufacturing for the 21st century and beyond!

The Role

You will ship secure code at startup speed. As our DevSecOps Engineer, you'll build security directly into our development pipeline—making the secure path the easy path. You'll architect relationship-based authorization with SpiceDB/Zanzibar, configure Envoy gateways with sophisticated auth policies, implement JWT-based authentication, and secure our Kubernetes infrastructure with network policies and admission controls. You'll implement scanning that catches vulnerabilities before production, create policies that enforce standards automatically, and secure our supply chain from code to deployment. This isn't about gates and approvals; it's about engineering security solutions that accelerate safe delivery. You'll work at the intersection of development, operations, and security, building tools that protect without slowing down our factory automation mission.

What You'll Do

• Design and implement SpiceDB/Zanzibar for relationship-based authorization.

• Configure Envoy gateway with external authorization and rate limiting.

• Implement JWT authentication and token validation systems.

• Build RBAC/ABAC/ReBAC authorization frameworks.

• Configure Kubernetes RBAC, service accounts, and network policies.

• Design API gateway security policies and WASM filters.

• Design and implement SAST/DAST/SCA pipelines in CI/CD.

• Build policy-as-code frameworks using OPA/Kyverno.

• Implement software supply chain security (signing, SBOM, provenance).

• Create automated security testing for APIs and microservices.

• Design threat models and security architecture reviews.

• Build security monitoring and alerting dashboards.

• Automate vulnerability management and patching workflows.

• Implement secrets management and rotation systems.

• Secure container images and Kubernetes deployments.

• Create security guardrails in Terraform modules.

• Build runtime security monitoring with Falco/eBPF.

• Develop security training and documentation for developers.

• Automate compliance scanning and reporting.

• Lead security incident response and post-mortems.

• Design zero-trust networking implementations.

• Integrate security tools into developer workflows.

• Create security metrics and KPI tracking.

What We're Looking For

• Experience with SpiceDB, Zanzibar, or similar ReBAC systems.

• Envoy proxy configuration and ext_authz.

• Deep expertise with JWT tokens and validation.

• Strong Kubernetes RBAC implementation experience.

• Network policy design and enforcement (Calico/Cilium).

• ABAC/RBAC authorization model design.

• Experience with OAuth 2.0, OIDC, SAML.

• API gateway patterns and security.

Core Skills:

• Strong software development skills (Python/Go).

• Deep understanding of CI/CD pipelines and GitOps.

• Expert knowledge of container and Kubernetes security.

• Experience with SAST/DAST/SCA tools.

• Proficiency in policy-as-code frameworks.

• Understanding of supply chain security and SLSA.

• Experience with infrastructure as code security.

• Ability to threat model complex systems.

• Strong automation and scripting capabilities.

• Knowledge of cloud security best practices.

• Experience with security monitoring and SIEM.

• Git proficiency and code review experience.

• Understanding of cryptography and PKI.

• Excellent documentation skills.

• Ability to balance security with velocity.

Compensation

For this role, the target salary range is $120,000 - $200,000 (actual range may vary based on experience).

This is the lowest to highest salary we reasonably and in good faith believe we would pay for this role at the time of this posting. We may ultimately pay more or less than the posted range, and the range may be modified in the future. An employee's pay position within the salary range will be based on several factors, including, but not limited to, relevant education, qualifications, certifications, experience, skills, geographic location, performance, and business or organizational needs.

Benefits

• 100% coverage of medical, dental, vision, and life insurance plans for employees

• 401k

• Relocation stipend if you’re moving from outside of LA

• Flexible vacation policy

ITAR Requirements

To conform to U.S. Government space technology export regulations, including the International Traffic in Arms Regulations (ITAR) you must be a U.S. citizen, lawful permanent resident of the U.S., protected individual as defined by 8 U.S.C. 1324b(a)(3), or eligible to obtain the required authorizations from the U.S. Department of State. Learn more about the ITAR here.

Hadrian Is An Equal Opportunity Employer

It is the Company’s policy to provide equal employment opportunity for all applicants and employees. The Company does not unlawfully discriminate on the basis of race inclusive of traits historically associated with race (including, but not limited to, hair texture and protective hairstyles, such as braids, locks and twists), color, religion, sex (including pregnancy, childbirth, or related medical conditions), gender identity, gender expression, transgender status, national origin (including, in California, possession of a drivers license), ancestry, citizenship, age, physical or mental disability, height or weight, medical condition, family care status, military or veteran status, marital status, domestic partner status, sexual orientation, genetic information, exercise of reproductive rights, any other basis protected by local, state, or federal laws, or any combination of the above characteristics. When necessary, the Company also makes reasonable accommodations for disabled candidates and employees, including for candidates or employees who are disabled by pregnancy, childbirth, or related medical conditions.