TrueML is hiring a DevSecOps Engineer based in Lenexa, Kansas, and the role carries significant responsibility. The company builds machine learning-powered financial software for distressed borrowers, which means security is not optional. Every line of code, every pipeline, and every cloud configuration carries real-world consequences for vulnerable consumers.
Landing this role requires more than listing security tools on a resume. TrueML wants someone who can architect security into the fabric of their engineering culture. Here is what you need to know before applying.
What TrueML Does and Why It Matters
TrueML is a mission-driven financial technology company using machine learning to improve experiences for people managing debt. The platform adjusts engagement strategies in real time based on customer behavior. That means sensitive financial data flows through complex, automated systems constantly.
Security failures at a company like TrueML would not just create technical problems. They could harm real people already in financial distress. The company's team includes data scientists, financial services veterans, and customer experience specialists. Understanding that mission helps you connect your security work to human outcomes during interviews.
What the Role Actually Requires
The Senior DevSecOps Engineer position sits at the crossroads of cloud infrastructure, application security, and software engineering. TrueML wants someone who can lead, not just execute. The job centers on embedding security throughout the entire software development lifecycle.
This is not a monitoring role. TrueML needs someone building and automating security from the ground up. The work spans CI/CD pipeline security, cloud architecture protection, and cross-team collaboration with engineering groups.
Core Technical Responsibilities
- Embedding SAST, SCA, DAST, IaC, and container security scanners into CI/CD pipelines
- Working across platforms like GitHub Actions, Jenkins, GitLab CI, and Azure DevOps
- Designing automated security workflows across build, test, and deploy stages
- Implementing security gates and policy enforcement inside pipelines
- Securing AWS cloud-native architectures including IAM, VPC, ECS, EKS, Lambda, S3, and API Gateway
- Operationalizing CNAPP and CSPM tools such as Wiz or Prisma Cloud
- Enforcing least privilege access, secrets management, and runtime protections
The AWS focus is significant. Candidates without hands-on AWS security experience will struggle to compete here. TrueML's infrastructure is cloud-native, so abstract knowledge of cloud security concepts will not be enough on its own.
Skills TrueML Looks For
The job description reveals several non-negotiable technical areas. Automation is the core competency TrueML emphasizes above everything else. If you cannot write code that enforces security policies automatically, this role is not a fit.
Must-Have Technical Skills
- Deep experience with CI/CD pipeline security integration
- Proficiency in at least one major scripting or programming language for automation
- Hands-on AWS security, particularly IAM policies and cloud-native service hardening
- Experience with container security across ECS or EKS environments
- Working knowledge of infrastructure-as-code security scanning tools
- Familiarity with CNAPP or CSPM platforms in production environments
- Ability to design security gates that do not slow down developer workflows unnecessarily
Soft Skills That Differentiate Candidates
- Strong communication skills for partnering with non-security engineering teams
- Ability to translate security risks into business language for leadership
- Experience leading security initiatives rather than supporting them
- A developer-empathy mindset, meaning you understand how engineers think and work
TrueML uses machine learning at scale, so engineers who understand data pipeline security or ML model protection may have an additional edge. That combination of security expertise and ML awareness is rare and valuable in this specific context.
Understanding TrueML's Hiring Process
Financial technology companies with compliance obligations tend to run structured, multi-stage hiring processes. Based on the seniority of this role, candidates should expect several rounds of evaluation. Preparation for each stage matters significantly at this level.
Typical Stages to Expect
- Initial recruiter screen: A 30-minute call covering background, compensation expectations, and general fit with TrueML's mission
- Technical phone screen: A conversation with a security engineer testing your conceptual knowledge of DevSecOps principles and AWS security
- Technical assessment: Likely a take-home or live coding challenge focused on pipeline security, IaC scanning, or cloud configuration
- Panel interview: A deeper dive with engineering and security leadership covering system design, past projects, and cross-team collaboration
- Final executive or culture interview: Alignment with TrueML's mission and values, particularly around financial inclusion and responsible technology
Senior roles at fintech companies almost always include a system design component. Be ready to walk through how you would architect a secure CI/CD pipeline from scratch. Know your tradeoffs between security rigor and developer velocity.
How to Prepare for TrueML Interviews
Research matters before any interview, but it matters especially here. TrueML's mission around distressed borrowers is central to the company's identity. Interviewers want to see that you understand why security failures at this company carry human consequences, not just technical ones.
Prepare concrete examples from past work. Vague answers about "improving security posture" will not land well with a senior engineering panel. Specific stories about security gates you built, vulnerabilities you caught before production, or cross-team security programs you led will stand out far more.
Technical Topics to Study Before Your Interview
- AWS IAM policies, roles, and least privilege enforcement in practice
- How SAST and DAST tools integrate differently into pipeline stages
- Container security scanning with tools like Trivy, Snyk, or Aqua
- Secrets management approaches using AWS Secrets Manager or HashiCorp Vault
- The difference between CSPM and CNAPP and when each applies
- Real-world experience explaining security risk to product and engineering stakeholders
Practice explaining your work clearly and without excessive jargon. TrueML's team includes people from financial services and customer experience backgrounds. Security engineers who communicate only in technical shorthand often struggle in mission-driven company interviews.
How to Stand Out as a Candidate
The most competitive candidates for this role will demonstrate a bias toward automation and a developer-first security mindset. TrueML builds products at scale using machine learning, so security engineers who create friction will not thrive here.
Show evidence of building security programs, not just maintaining them. If you have GitHub repositories, blog posts, or conference talks on DevSecOps automation, bring them up. Concrete proof of senior-level thinking separates good candidates from great ones.
Connecting your security philosophy to TrueML's financial inclusion mission is also a differentiator. Few candidates take the time to link their technical work to a company's social purpose. Those who do leave a lasting impression on hiring teams at mission-driven organizations.
Tailoring your resume to mirror the exact language in the job description also improves your chances of passing automated screening tools. Use terms like "security automation," "CI/CD pipeline security," and "CNAPP" where they accurately reflect your experience. Honesty is essential, but strategic language alignment matters too.
Apply for the TrueML DevSecOps Engineer Role
The DevSecOps Engineer position at TrueML is a senior-level opportunity to lead security at a company doing meaningful work in financial technology. The role rewards engineers who build, automate, and collaborate rather than those who audit and observe from a distance.
Candidates who combine deep AWS security knowledge, CI/CD automation expertise, and a genuine connection to TrueML's mission will be the most competitive. Apply directly through the listing and prepare to demonstrate the depth of your experience at every stage. You can find the full job posting and application at https://remoteOK.com/remote-jobs/remote-devsecops-engineer-trueml-1133456.
