404 Assembly

📍 Remote | 🕒 Full-time | 🌐 Project from scratch

We’re building a new, security-sensitive journalism platform in a confidential environment.
The product itself is not cybersecurity software — but it will operate under very strict security, compliance, and communication protocols.

We are looking for an experienced DevOps / SecOps Engineer who can design, implement, and maintain a secure infrastructure for a greenfield web platform. This person will play a foundational role in establishing the architecture, CI/CD pipelines, access control systems, and overall security posture of the project.

🧭 Role Overview

You will be responsible for:

• Architecting secure infrastructure (multi-environment, access-controlled, auditable).
• Implementing defense-in-depth principles across infrastructure, CI/CD, and application layers.
• Setting up secure CI/CD pipelines with secrets management and least privilege policies.
• Designing network isolation, zero-trust access, and secure communication workflows for all team members.
• Ensuring compliance with industry security frameworks and standards.
• Supporting security audits, penetration tests, and incident response procedures.

✅ Requirements

• 4+ years of professional experience in DevOps / SecOps / Infrastructure roles.
• Proven experience designing and managing secure architectures for production systems with sensitive data.
• Deep understanding of cloud security best practices (AWS / GCP / Azure), including:
  • VPC segmentation, private networking, security groups
  • IAM and role-based access control (RBAC)
  • Key & secret management (Vault, SSM, KMS, etc.)
• Expertise with secure CI/CD pipelines, including:
  • Secrets rotation
  • Signed artifacts and integrity checks
  • Static/dynamic security scanning and policy enforcement
• Experience implementing:
  • Zero-trust principles
  • Network & environment isolation
  • Secure artifact repositories and registries
• Solid understanding of secure SDLC frameworks and collaboration with development teams.
• Practical experience with security hardening (OS, containers, network).
• Familiarity with incident response, intrusion detection, monitoring, and log aggregation.
• Hands-on experience with compliance frameworks (ISO 27001, SOC 2, GDPR, NIST, or similar).

🧱 Nice to Have

• Background in penetration testing, threat modeling, or security assessments.
• Experience with Kubernetes security (OPA, PodSecurityPolicies, Admission Controllers).
• Familiarity with automated vulnerability management tools.
• Previous work in journalism, NGO, or sensitive-data environments.
• Certifications such as CISSP, CCSP, AWS Security Specialty, or equivalent are a plus.

🔐 Security & Communication

• All operations and communications occur over secure, encrypted channels.
• Infrastructure will follow zero-trust and least privilege principles.
• You will define access control, audit policies, and environment segregation from day one.
• You’ll be the key security authority inside the project team.

🚀 Why Join

• Build the entire infrastructure from scratch with full technical influence.
• Work in a compact, senior team on a meaningful journalism project.
• Define secure architecture and DevOps culture from day one.
• Growth path toward Security Lead / Infrastructure Lead as the platform scales.

We are building a new high-impact CRM platform operating in an extremely sensitive, high-security environment.

While the product itself is not a cybersecurity tool, it will handle confidential data and communications, requiring uncompromising discipline in secure development, and controlled access across every layer of the backend infrastructure.

The project follows a Spec-Driven Development (SDD) methodology — all functionality is defined, documented, and validated before implementation.

All code is preffered to be developed in LLM-assisted environments (e.g. Cursor, VS Code + Copilot) using Model Context Protocols (MCPs) to ensure rapid, accurate, and traceable delivery.

Our mission: high-velocity, high-quality, fully secure backend code within a tightly isolated development ecosystem.

✅ Core Requirements

• 4+ years of professional back-end development experience with Node.js / Nest.js (TypeScript preferred).
• Proven track record of building secure, scalable API-driven systems, microservices, and modular architectures from the ground up.
• Solid command of relational databases (PostgreSQL, MySQL) and ORM tools (Prisma, TypeORM).
• Proficiency in REST / GraphQL API design, integration, and testing.
• Experience with authentication, authorization, and access control mechanisms (JWT, OAuth2, RBAC).
• Confident in asynchronous processing, job queues, and event-driven systems.
• Working knowledge of Docker, containerized workflows, and basic CI/CD pipelines.
• Competence with testing frameworks (Jest, Mocha, Supertest) and maintaining reliable test coverage.
• Experience with Spec-Driven Development (SDD) — implementing precisely from specs and maintaining traceability across all tasks.
• Proficiency in LLM-assisted workflows (Cursor, Copilot, Claude, GPT, etc.) for coding, testing, and refactoring.
• Understanding of Model Context Protocols (MCPs) — and how they integrate with AI-assisted development environments.
• Solid grasp of secure SDLC principles:
  • Secrets & credential management
  • Encrypted data storage and transmission
  • Access control & privilege isolation
  • Secure CI/CD pipelines and deployments
  • Code audit & compliance readiness
• Highly self-managed and delivery-oriented mindset.

⚙️ Responsibilities 

• Implement and maintain secure, high-performance backend modules following detailed specs.
• Integrate APIs, data models, and services within the defined system architecture.
• Collaborate with analysts and QA to ensure every delivery meets spec and security standards.
• Use AI-assisted tools (Cursor, Copilot, MCPs) to improve speed, consistency, and maintainability.
• Participate in code reviews and contribute to continuous improvement of backend architecture.
• Maintain clear, versioned documentation aligned with SDD processes.

🧱 Nice to Have

• Experience in microservices, event-driven systems, or message queues (RabbitMQ, Kafka).
• Familiarity with DevOps tools (Docker Compose, GitHub Actions, Render, Vercel, etc.).
• Exposure to cryptography, secure APIs, or compliance-driven systems.
• Experience with high-load optimization or real-time data handling.
• Background in cybersecurity, penetration testing, or threat modeling.
• Mentorship or leadership experience within small distributed teams.

We are developing a high-impact CRM platform operating in an extremely sensitive, high-security environment.

While not a cybersecurity product, it handles confidential data and communications, demanding strict discipline in secure development, and access control at every layer of the stack.

The project uses a Spec-Driven Development (SDD) methodology — each feature is precisely documented, versioned, and validated before implementation.

All development happens within LLM-assisted environments (e.g. Cursor, VS Code + Copilot) with Model Context Protocols (MCPs) to maintain speed, consistency, and traceability.

Our goal: to deliver fast, secure, and spec-compliant front-end interfaces that integrate seamlessly with a sensitive, isolated backend.

✅ Core Requirements

• 4+ years of professional experience in front-end development using React.js and/or Next.js.
• Strong proficiency with TypeScript and modern JavaScript (ES6+).
• Familiarity with design systems and component libraries such as Untitled UI and/or Chakra UI, MUI, Tailwind, etc..
• Experience implementing pixel-perfect, responsive, and accessible UI components from Figma or detailed design systems (also with using Figma MCP).
• Deep understanding of React Hooks, Context API, state management (Redux / Zustand / Recoil), and SSR/SSG principles.
• Experience with Next.js routing, data fetching, and API integration.
• Confident in API integration, error handling, and data flow management between client and backend.
• Strong understanding of component architecture, modularity, and performance optimization.
• Experience with secure client-side practices, including:
  • Safe data handling and sanitization
  • Token and session management
  • Obfuscation and access isolation
  • Secure local storage management
• Practical experience with testing frameworks (Jest, React Testing Library, Cypress).
• Familiarity with Git-based workflows, Dockerized environments, and CI/CD integration.
• Comfortable working in a Spec-Driven Development (SDD) process — implementing features exactly as defined in technical specs.
• Experience using LLM-assisted tools (Cursor, Copilot, Claude, GPT, etc.) for development, refactoring, and documentation.
• Understanding of Model Context Protocols (MCPs) and context management for AI-assisted workflows.
• Writes clean, modular, and maintainable front-end code aligned with performance, accessibility, and security standards.
• Comfortable collaborating in a privacy-first, air-gapped, or restricted-access development ecosystem.

⚙️ Responsibilities

• Build and maintain secure, scalable front-end modules using React / Next.js within the SDD workflow.
• Implement interfaces directly from specifications and UI mockups, ensuring fidelity and consistency.
• Integrate APIs and handle real-time or async data flows securely.
• Use LLM-assisted environments (Cursor, Copilot, MCPs) to optimize development speed and precision.
• Collaborate with backend and QA to ensure end-to-end feature alignment and security compliance.
• Conduct and participate in code reviews and continuous improvement discussions.
• Document all deliverables clearly within the SDD framework.

🔒 Security & Operational Protocols

• All development occurs in isolated, encrypted environments (VMs, containers, or secure workspaces).
• Repository access is role-based, logged, and audited.
• All commits, builds, and deployments are traceable but de-personalized.
• Documentation and tickets are sanitized for sensitive data.

🧱 Nice to Have

• Experience with Next.js App Router, Server Actions, and Edge rendering.
• Background in secure frontend architecture, data obfuscation, or anti-tamper practices.
• Experience with real-time data (WebSockets, SSE, or GraphQL subscriptions).
• Exposure to DevOps pipelines, Docker, and deployment automation.
• Interest in cybersecurity, privacy tech, or air-gapped development environments.