
Senior DevSecOps engineer

Lithosquare

Paris · flexible · Full-time · Senior · Yesterday

About the role

About the company

The transition to a sustainable future requires discovering new mineral resources to power clean technologies and renewable energy solutions. From lithium for electric vehicle batteries, to copper for wind turbines, and rare earth elements for electronics — these minerals are the building blocks of our energy transition. Lithosquare radically speeds up mineral exploration by combining foundational AI, geological expertise, and real-world data — to reduce uncertainty, prioritize the right targets, reduce costs and accelerate discovery. Based in Paris, Lithosquare gathered an exceptional team of geologists, scientists, AI engineers, and data specialists to work as one — from field sampling to model optimization — and push the boundaries of what’s possible.

About the job

As a Senior DevSecOps engineer, you will own the platform that runs our Geology OS and the services around it: multi-environment Kubernetes estates, infrastructure as code, GitOps delivery, and the observability and security practices that keep exploration and AI workloads reliable. Your mission is to turn clear engineering standards into repeatable automation — safe changes, fast recovery, and strong guardrails for sensitive data. You will work closely with Software, AI, Data and Product Engineers to make the path from commit to production predictable and auditable, and to evolve our stack (cloud networking, identity, CI/CD, monitoring, and cost-aware operations) as the company scales. We value practical security (least privilege, secrets hygiene, supply-chain awareness) and operational clarity (SLOs, runbooks, incident learning). The role is based in Paris with a flexible remote working policy.

What you’ll do

  • Platform & IaC: design and maintain Terraform (and related automation) for networking, identity, data services, and shared platform components across dev / staging / production and supporting accounts or projects.
  • Kubernetes operations: operate and improve clusters for internal and production-facing workloads: ingress, TLS, storage patterns, workload identity, and sane defaults for reliability and cost.
  • GitOps & delivery: evolve declarative cluster configuration and safe promotion patterns so platform and application changes are reviewable, traceable, and rollback-friendly.
  • CI/CD: own pipelines that plan, review, and apply infrastructure changes with strong gates (formatting, plans, approvals where appropriate) and keyless/OIDC-style authentication to clouds where possible.
  • Observability & SRE practices: maintain metrics, logging, and dashboards; define SLOs and alerting that reduce noise; drive post-incident improvements and capacity/cost awareness.
  • Security & compliance: embed security in the delivery lifecycle: RBAC, secrets management, image and dependency hygiene, and alignment with how we handle sensitive exploration and research data.
  • Resilience: backup/restore and disaster-recovery patterns for stateful platform services; practice restores and document runbooks.
  • Developer experience: streamline how engineers obtain environments, access internal tools (analytics, notebooks, workflow engines), and debug production-like issues — without compromising isolation or security.
  • Cross-functional collaboration: partner with AI, data, and geology stakeholders to translate their needs into durable platform contracts (SLAs, interfaces, quotas, and guardrails).
  • Tech advocacy: evaluate and adopt open-source and cloud-native tooling that improves safety, speed, or operability — with a bias for boring technology that scales.
  • Corporate IT & security governance: own the internal IT landscape, including Identity and Access Management (IAM) for SaaS tools, device management (MDM), and office networking.

Technical Stack

  • Languages & scripting: Python, Bash, YAML; comfort reading HCL (Terraform).
  • Cloud & multi-cloud: strong hands-on with at least one major hyperscaler; experience with multiple clouds or providers is a plus (networking, IAM, managed data primitives).
  • Containers & orchestration: Docker, Kubernetes (production experience), Helm/Kustomize-style composition as used in GitOps repos.
  • IaC & GitOps: Terraform; Flux (or equivalent GitOps controller) mindset: reconciled desired state, PR-based change flow.
  • CI/CD: GitHub Actions or similar; OIDC/workload identity patterns for cloud access; artifact and image promotion practices.
  • Networking & edge: ingress controllers, certificates (e.g. cert-manager class of tooling), internal vs external exposure patterns.
  • Observability: Prometheus-compatible metrics stacks, Grafana; pragmatic log and trace strategies.
  • Data-adjacent platform: comfort supporting workflow engines, analytics/BI, and notebook or research environments as platform workloads (not necessarily owning the data models themselves).
  • IT Automation: experience with MDM solutions, Identity Providers, and Zero Trust networking.

What we are looking for

  • 5+ years in DevOps, SRE, or platform engineering, with a track record of operating production systems (not only building demos).
  • Kubernetes depth: scheduling, networking, storage, upgrades, debugging; understanding failure modes and blast radius.
  • Terraform discipline: modules, state, workspaces or equivalent patterns; safe change management and code review culture for infra.
  • Security mindset: threat modeling at a practical level; secrets and identity done right; comfortable saying “no” or “not yet” when a shortcut creates durable risk.
  • SRE habits: SLIs/SLOs, alerting design, incident response, and toil reduction through automation.
  • Holistic ownership: you don't see a distinction between ‘the apps being down’ and ‘the team being locked out of their tools’ - you take pride in the productivity and security of the entire organization.
  • Communication: you can explain trade-offs to non-infra engineers and document decisions so the team can onboard and operate without heroics.
  • Mission-driven: genuine interest in the energy transition and in supporting hard, physical-world problems with dependable software platforms.

Perks & Benefits

  • 🏢 Offices located in the heart of Paris
  • 🌱 Strong culture of ownership & entrepreneurship, with clear growth paths as the company expands
  • 🌍 Opportunity to significantly contribute to energy transition
  • 👥 Collaborative work environment with world-class experts in geology, AI, and data science
  • 🔄 Flexible work arrangements enabling work-life balance
  • 💰 Competitive salary package
  • 🍽️ Meal vouchers and premium health insurance coverage (Alan)

Join Lithosquare and help build the reliable, secure platform behind AI-driven Earth exploration - so our science and product teams can move fast without breaking trust or availability.

Skills

Bash, Cert-manager, CI/CD, Docker, Flux, GitOps, Grafana, Helm, IAM, Ingress controllers, Kubernetes, Kustomize, MDM, OIDC, Prometheus, Python, RBAC, SRE, Terraform, TLS, YAML, Zero Trust networking
