AI can be a powerful tool for good in the world – at Altana we apply AI to the world’s largest organized body of supply chain data to power a more resilient, more secure, and more sustainable model of global commerce. Our customers connect to the Altana network to build resilience for critical industries and infrastructure, automate and safeguard cross-border trade, transform insurance underwriting, protect national security, combat modern slave labor, disrupt fentanyl trafficking, and ensure that their products are sustainable.

Altana is backed by leading investors and used by the world’s most important organizations, including Lloyd’s, Maersk, multiple government agencies across the US, UK, EU, Singapore, and Australia, General Atomics, Boston Scientific, and more. We are building a global platform connecting the public and private sectors into an AI-powered network for building trusted supply chains. We operate in accordance with our values: we focus on value creation, not capture; we foster diversity and embrace difference; we embrace reality; we get things done; we amaze our clients. When you join Altana, you’ll be joining a vibrant, collaborative team working together to solve complex problems with the potential for global societal impact.

The Opportunity at Altana

At Altana, we believe great engineering drives reliable and secure systems. We're looking for someone excited about embedding security deeply into our infrastructure and supporting processes, which run on modern technologies like containers, cloud services, and automated pipelines. You'll be instrumental in building tools and processes that proactively keep our systems secure and free from vulnerabilities. This role combines technical leadership, creativity, and collaboration across DevOps, security, and software development teams to ensure our technology stack remains resilient and trusted.

You'll play a key role in developing and implementing a robust security posture within our DevOps team, with a strong emphasis on proactive risk reduction. This includes establishing and refining processes for identifying and remediating vulnerabilities, deploying security tooling, and leveraging automation within our pipelines to maximize efficiency. You'll collaborate closely with Information Security and Development teams to integrate security practices throughout the development lifecycle. Success will be measured by the overall strength and effectiveness of our security posture, the timely and efficient resolution of vulnerabilities, and enabling our engineering teams to deliver secure and reliable products.

Your Responsibilities

Assessment & Reporting

• Aggregate and assess vulnerability data from multiple scanning tools and sources.
• Quickly triage vulnerabilities; accurately assessing their risk and impact, and clearly documenting findings.
• Define effective remediation actions and collaborate directly with relevant teams to initiate timely fixes.
• Act as the primary contact for security compliance engagements and audits across the business.
• Develop, publish, and maintain clear metrics and reports that demonstrate the effectiveness and progress of our vulnerability management program.

Remediation:

• Collaborate with engineering and security teams to prioritize and facilitate timely vulnerability remediation.
• Provide actionable guidance on code-level fixes, configuration improvements, and secure coding best practices.
• Drive improvements in vulnerability management processes through ongoing collaboration and feedback.

Automation:

• Implement automated security testing and monitoring solutions to continuously identify new risks.
• Develop automation to prioritize vulnerabilities based on severity, exploitability, and impact.
• Automate patch management, dependency updates, and configuration management to quickly resolve vulnerabilities.
• Create automated remediation workflows to address common security issues and reduce manual effort.
• Collaborate closely with Cloud Engineering and DevOps teams to embed automated security controls into deployment processes.
• Generate automated reports and dashboards to communicate security posture and remediation progress.
• Regularly evaluate and enhance automation practices, tooling configurations, and control efficacy.

About You

• Bachelor’s degree in Computer Science, Engineering, or a related field; advanced degree preferred.
• 5+ years of experience in Operations, DevOps, DevSecOps, or related engineering roles.
• Expertise in building out application security pipelines and CI/CD platforms using tools such as GitHub Actions, Jenkins, and/or Azure DevOps.
• Proficiency in programming/scripting languages like Python or Go.
• Hands-on experience with IaC tools (Terraform, OpenTofu, CloudFormation) and cloud platforms (AWS, Azure).
• Strong understanding of application security, container security (Docker, Kubernetes), and cloud security (AWS or Azure) .
• Knowledge of modern software delivery paradigms, including microservices and serverless architectures.
• Familiarity with security frameworks and standards (OWASP, NIST, CIS).
• Exceptional problem-solving skills, communication, and ability to work in a fast-paced environment.
• Experience with SAST/DAST tools like SonarQube or Burp Suite.

This role can be based in New York City, Washington D.C., or the San Francisco Bay Area with an expectation of hybrid work or occasional travel as needed. 

US Salary Range and Benefits

$134,000 - $200,000 USD

The salary range, to the extent specified for this role, is a good faith statement of the minimum and maximum levels of the annual based salary for the position.  The base salary offered to a successful candidate will depend on a wide range of compensation factors, including, but not limited to, work experience, education and/or training, critical skills, and/or business considerations. Competitive equity grants are included in the majority of full time offers; and are considered part of Altana's total compensation package. Altana also offers either a discretionary bonus or a variable compensation plan depending on the role. Additionally, Altana offers top-tier benefits for full-time employees, including:

• Flexible Time Off: Altana operates with a Flexible Time Off (FTO) policy that gives you agency over your own time off so you can maximize your work-life balance.
• Parental Leave: We offer industry leading Paid Parental Leave (PPL), providing 14 weeks of leave for non-birthing, adoptive, and foster parents and up to 26 weeks of leave for birthing parents, all paid at 100% of your base salary.
• Health Benefits: We have a full suite of medical, vision, and dental benefits with generous employer contributions, designed to give you flexibility and choice for your individual health situation. Our high deductible health plan is 100% employer paid for employees and supplemented with an employer contribution to your Health Savings Account (HSA). There is also a Flexible Spending Account (FSA) option.
• Supplemental Benefits: Altana provides life, short- and long-term disability, and AD&D insurance coverage, all at no cost to you, so you know that you and your loved ones are covered in case of an emergency.
• 401(k) Savings: Save for and invest in your future using our Guideline 401(k) retirement savings program.
• Commuter Benefits: Save money on your commute by setting aside pre-tax funds for public transit or parking!
• Wellness: Because we value mental and emotional health, every Altana employee has access to a free premium subscription to Calm, the #1 app for meditation, sleep, and mindfulness.
• Pet Insurance: Pets are family too! Keep them healthy with Wishbone insurance and / or our Total Pet vet service and telehealth discount plan.
• Employee Assistance Program: Free access to confidential personal support.
• Dependent Care FSA: You will have access to a Dependent Care FSA, which allows you to set aside pre-tax funds for childcare expenses

The recruiter assigned to this role can share more information about the specific compensation and benefit details associated with this role during the hiring process.

Why it’s great to work at Altana

• We love to collaborate, and we win as a team!
• We are committed to engineering excellence
• We value personal and professional development
• We learn from diverse backgrounds and perspectives
• We impact the world, from enabling developing countries to identifying drug traffickers

At Altana, we believe that a diverse workforce enables greater creativity, performance, and adaptability. We’re proud to be an equal opportunity employer and welcome you to join us as you are. Our employment opportunities and decisions are based on business needs and individual qualifications, without regard to race, color, religious creed, national origin, ancestry, age, physical or mental disability, medical condition, marital status, sexual orientation, gender identity or expression, genetic information, family care or medical leave status, military or veteran status, or any other characteristic protected by the laws or regulations in the areas in which we operate. We prohibit discrimination and harassment of any type, in any situation.

Offers related to employment at Altana will come from an Altana.ai email address. We will never ask for payment as part of the interview or onboarding process.