Lead Application Security Engineer ( DevSecOps)

Leading the future in luxury electric and mobility At Lucid, we set out to introduce the most captivating, luxury electric vehicles that elevate the human experience and transcend the perceived limitations of space, performance, and intelligence. Vehicles that are intuitive, liberating, and designed for the future of mobility.   We plan to lead in this new era of luxury electric by returning to the fundamentals of great design – where every decision we make is in service of the individual and environment. Because when you are no longer bound by convention, you are free to define your own experience.   Come work alongside some of the most accomplished minds in the industry. Beyond providing competitive salaries, we’re providing a community for innovators who want to make an immediate and significant impact. If you are driven to create a better, more sustainable future, then this is the right place for you.We are seeking a highly skilled Sr SecDevOps Engineer with a strong background in cloud software service management and application security to join our dynamic team. In this role, you will play a crucial part in ensuring the reliability, scalability, and security of our software systems and digital experiences. You will work closely with the cross-functional teams to protect Lucid Motors’ applications, systems, and data. You will focus on automating and improving the security aspects of our code development and deployment practices as well as leading the application security triage and prioritization processes.


Roles and Responsibilities:

• Design, implement, and maintain infrastructure as code solutions for managing and protecting cloud resources, ensuring scalability, resilience and security
• Contribute to the security hardening efforts and producing sensible baseline configurations for all key Lucid Motors’ systems
• Lead the application security processes including managing the existing security tools in the CI/CD pipelines, reviewing proposed project architectures, initial threat modeling, triage of the identified application security defects and the suggested fixes
• Work closely with the development teams to promote best application security practices
• Work closely with the infrastructure and the DevOps teams to ensure consistent implementation of the security standards including the remediation of the identified gaps in the security posture
• Contribute to the bug bounty triage and remediation processes

Minimum Qualifications:

• Bachelor's degree in computer science, Information Technology, or a related technical area
• 5+ years proven experience in DevOps, SRE, managing software service operations or related role
• 3+ years of experience in cloud environments. (AWS preferred)
• Proficient in Bash, Powershell or other scripting languages.
• Familiar with the Infrastructure as Code and “desired state” concepts including tools such as Terraform, Salt, Chef, Puppet etc
• Knowledge of common attack vectors including OWASP Top 10
• Experience in automating build and deployment infrastructure built on Kubernetes, Docker etc.
• Experience in python programming or other shell scripting language
• Experience with CI/CD tools (e.g., Jenkins, CircleCI) and version control systems (e.g., git)
• Excellent problem-solving and communication skills

Preferred Qualifications:

• In-depth knowledge of containerization technologies (Docker), orchestration (Kubernetes) and infrastructure as code (Terraform)
• Proficiency in deploying, monitoring, and scaling containerized applications on AWS using EKS, ensuring high availability and performance
• Proficiency in application security assessments, penetration testing, red team, purple team

Lucid maintains your privacy according to its Candidate Privacy Notice. If you are a California resident, please refer to our California Candidate Privacy Notice.   To all recruitment agencies: Lucid Motors does not accept agency resumes. Please do not forward resumes to our careers alias or other Lucid Motors employees. Lucid Motors is not responsible for any fees related to unsolicited resumes.