DevSecOps Engineer (Short-Term)

We are looking for a senior DevSecOps Engineer with a strong security-first mindset and experience in cryptography, identity, and hardened infrastructure. While our lead developer owns the AI Intent Parser and frontend experience, you will own delivery of the platform’s security and governance layer during the MVP phase, working closely with our lead architect. Scope of Responsibilities1. Cryptographic Identity (“Digital Passport”)Design and implement a W3C-compliant Decentralized Identifier (DID) and Verifiable Credential (VC) system to ensure that every platform command is cryptographically signed, role-bound, and auditable. 2. Dynamic Governance & Quorum LogicImplement the backend state machine for Dynamic Separation of Duties (SoD) by translating AI-generated risk scores into real-time approval requirements (for example, scaling from 1 to N approvers based on execution risk). 3. Hardened InfrastructureDesign and deploy a siloed, containerized execution environment using Docker and Kubernetes that isolates the core execution service from external attack surfaces. 4. Secrets & Access ControlIntegrate HashiCorp Vault for just-in-time (JIT) credential delivery across Windows (WinRM) and Linux (SSH) environments, eliminating static secrets. 5. System Attestation & IntegrityImplement runtime integrity controls, such as: environment hashing at container startup signed policy manifests enforced policy versioning during execution  Technical Stack (Current Direction) Languages: Python (FastAPI); Go or Rust preferred for security-critical components Security: HashiCorp Vault, W3C DID/VC standards, SHA-256 manifest signing Infrastructure: Docker, Kubernetes, PostgreSQL Execution: WinRM, SSH (Paramiko), REST APIs  The stack reflects our current direction. We are open to principled alternatives backed by strong security reasoning. What We Are Looking For Security-first practitioner: You design for adversarial environments, not happy paths. Distributed systems experience: You understand trust, identity, and state in containerized systems. AI-adjacent curiosity: You are interested in how AI systems can be safely governed in production. Ownership within scope: You take responsibility for delivery within a defined engagement.  NotesMVP-phase staff augmentation engagementClear scope ownership and accountabilityPotential for extension or expanded role based on delivery and mutual fit If this aligns with your background and availability, we would be glad to discuss timelines and engagement details, as we will need a quote very soon.