Staff DevSecOps Engineer

TLDR

Own and reshape the security posture of Counterpart by leading compliance programs and IT operations in a rapidly evolving tech landscape.

JOB DESCRIPTION

Counterpart believes in small businesses and is dedicated to helping them do more with less risk. By pairing leading insurance experts with cutting-edge technology, Counterpart empowers small business owners to grow with confidence. Exceptional underwriters, trusted insurance brokers, and prominent insurance carriers come together on the Counterpart platform to support small businesses by providing AI-driven management and professional liability underwriting and claims services. That’s where you come in…

As a Staff Engineer, DevSecOps, you own Counterpart's security posture. Traditional security was designed for a human-to-system world. As we scale an increasingly agentic stack, that model breaks. Agents acting on behalf of humans introduce new attack surfaces, trust boundaries, and failure modes that require a fundamental redesign of how we think about security. You are the person who leads that redesign. You are the internal authority on security and compliance, own IT operations end-to-end, and you act as a hands-on member of the DevOps team building and securing our platform infrastructure. You build on our SOC 2 Type 2 and HIPAA foundations, extending them as the threat surface evolves. This role is the foundation of our in-house security function.

 

AS A STAFF DEVSECOPS ENGINEER, YOU WILL:

  • Own the organization's security posture. Define, implement, and maintain the controls, policies, and practices that keep Counterpart secure across human and agentic interactions.
  • Own our SOC 2 Type 2 and HIPAA compliance programs. Manage and automate audits, maintain evidence, and extend our compliance posture as the business and the threat surface grow.
  • Stay ahead of emerging threats and regulations. Continuously evaluate our security posture against new attack vectors, including data poisoning, adversarial inputs, and agent hijacking. Track how AI security standards and regulatory requirements are evolving and get ahead of them before they become mandatory.
  • Own IT operations end-to-end, from onboarding to offboarding. Manage and automate device procurement and provisioning, access controls, identity management, and the internal tooling stack.
  • Own platform infrastructure security as a hands-on member of the DevOps team.
  • Build and maintain sandbox architecture that allows safe experimentation without risking production systems.
  • Design and implement secure environments for AI agent workloads, including trust boundaries, defenses against prompt injection, data exfiltration, and other unexpected behaviors.

WE LOOK FOR TEAMMATES WHO HAVE:

  • 10+ years in DevSecOps, security engineering, or a combination of DevOps, security, and IT roles
  • Hands-on experience with cloud infrastructure and security on AWS
  • Experience owning or co-owning SOC 2 and HIPAA compliance programs, not just contributing to them
  • Experience managing IT operations, including device management, identity and access management, and internal tooling
  • A solid foundation in security frameworks and compliance standards, including hands-on familiarity with AI agent risks such as prompt injection, data poisoning, and adversarial inputs. You think proactively about how emerging AI security standards and regulations affect an insurance technology company deploying agents.
  • The ability to communicate security risks clearly to non-technical stakeholders and translate compliance requirements into engineering decisions
  • The drive to build a security function from the ground up and grow into owning it fully
  • Domain curiosity about insurance. You either understand how insurance works or you are genuinely motivated to learn. Security decisions are better when you understand the business they protect.
  • Experience working with distributed, remote teams. 

WHAT WE OFFER

  • Unlimited Vacation: We offer flexible time off, allowing you to take time when you need it.
  • Work from Anywhere: Counterpart is a fully distributed company, meaning there is no office. We allow employees to work from wherever they do their best work, and invite the team to meet in person a couple times per year.
  • Stock Options 
  • Health, Dental, and Vision Coverage
  • 401(k) Retirement Plan
  • Parental Leave
  • Home Office Allowance: to set up your home office with the necessary equipment and accessories.
  • Book stipend
  • Professional Development Reimbursement
  • No working birthdays: Take your birthday off, giving you the opportunity to relax, enjoy your special day, and spend time with loved ones.
  • Charitable Contribution Matching

COUNTERPART'S VALUES

  • Conjoin Expectations - it is the cornerstone of autonomy. Ensure you are aware of what is expected of you and clearly articulate what you expect of others. 
  • Speak Boldly & Honestly - the only failure is not learning from mistakes. Don’t cheat yourself and your colleagues of the feedback needed when expectations aren’t being met.
  • Be Entrepreneurial - control your own destiny. Embrace action over perfection while navigating any obstacles that stand in the way of your ultimate goal.
  • Practice Omotenashi (“selfless hospitality”) - trust will follow. Consider every interaction with internal and external partners an opportunity to develop trust by going above and beyond what is expected.
  • Hold Nothing As Sacred - create routines but modify them routinely. Take the time to reflect on where the business is today, where it needs to go, and what you have to change in order to get there.
  • Prioritize Wellness - some things should never be sacrificed. We create an environment that stretches everyone to grow and improve, which is fulfilling, but is only one part of a meaningful life.

Our estimated pay range for this role is $220,000 to $250,000. Base salary is determined by a variety of factors, including but not limited to, market data, location, internal equitability, and experience. 

We are committed to being a welcoming and inclusive workplace for everyone. We are intentional about making sure people feel respected, supported, and connected at work—regardless of who they are or where they come from. We value and celebrate our differences and believe being open about who we are allows us to do the best work.

We are an Equal Opportunity Employer. We do not discriminate against qualified applicants or employees on the basis of race, color, religion, gender identity, sex, sexual preference, sexual identity, pregnancy, national origin, ancestry, citizenship, age, marital status, physical disability, mental disability, medical condition, military status, or any other characteristic protected by federal, state, or local law, rule, or regulation.



Counterpart is an insurtech platform that leverages advanced AI and deep insurance expertise to transform management and professional liability for today’s workforce. Designed for small businesses, it empowers them to navigate risks with confidence and focus on growth.
