Mistral· Engineering & Infra· Paris
CyberSecurity Engineer, DevSecOps
Classified Tasks (25)
Automate 4%Augment 80%Human-Only 16%
Automate (1)
Fully handled by AI agents
Generate SBOMs and track CVEs for software components
operational
Augment (20)
AI assists, human decides
Maintain the security posture of AI infrastructure and the application lifecycle
operational
Embed security controls into CI/CD pipelines, infrastructure environments, and developer workflows without compromising deployment velocity
technical
Conduct threat modeling exercises for core infrastructure and new products
analytical
Prioritize security risks identified through threat modeling and assessments
analytical
Own end-to-end vulnerability management across CI/CD pipelines and runtime environments for infrastructure and applications
operational
Monitor, triage, and remediate vulnerabilities in CI/CD pipelines and runtime environments
operational
Secure Kubernetes deployments and containerized workloads
technical
Implement pod hardening measures to prevent lateral movement across distributed systems
technical
Implement node hardening measures to prevent lateral movement across distributed systems
technical
Define Infrastructure-as-Code security by building Terraform guardrails
technical
Integrate policy-as-code into deployment pipelines to enforce IaC security
technical
Execute and manage CNAPP and CSPM tooling deployments and operations
operational
Deploy, tune, and operate SAST and SCA tools
operational
Implement and operate secrets management solutions
technical
Build secure defaults for developer environments and workflows
technical
Streamline remediation workflows to accelerate vulnerability resolution by developers
operational
Draft actionable security guidelines and developer-facing documentation
communication
Build foundational security automation to scale with company growth
technical
Automate security controls and workflows to minimize manual overhead
technical
Integrate diverse security tools into developer workflows via scripting and automation
technical
Human-Only (4)
Requires human judgment
Architect the security posture of AI infrastructure and the application lifecycle
technical
Serve as the security counterpart in system-design reviews for core infrastructure and new products
communication
Design a comprehensive security tooling strategy covering CNAPP, CSPM, SAST, SCA, secrets management, and SBOM-CVE tracking
leadership
Establish a pragmatic security culture by codifying processes and enabling developer-centric security practices
leadership
Job description
About Mistral At Mistral AI, we believe in the power of AI to simplify tasks, save time, and enhance learning and creativity. Our technology is designed to integrate seamlessly into daily working life. We democratize AI through high-performance, optimized, open-source and cutting-edge models, products and solutions. Our comprehensive AI platform is designed to meet enterprise needs, whether on-premises or in cloud environments. Our offerings include le Chat, the AI assistant for life and work. We are a dynamic, collaborative team passionate about AI and its potential to transform society. Our diverse workforce thrives in competitive environments and is committed to driving innovation. Our teams are distributed between France, USA, UK, Germany and Singapore. We are creative, low-ego and team-spirited. Join us to be part of a pioneering company shaping the future of AI. Together, we can make a meaningful impact. See more about our culture on https://mistral.ai/careers . Role summary Mistral AI is looking for a DevSecOps Engineer to architect and maintain the security posture of our rapidly scaling AI infrastructure and application lifecycle. You will treat security as a seamless enabler for our research and engineering teams. Your objective is to embed robust security controls into our CI/CD pipelines, infrastructure environments, and developer workflows, without compromising deployment velocity. What you will do • Drive threat modeling and risk prioritization exercises, serving as the security counterpart to system-design reviews for our core infrastructure and new products. • Own end-to-end vulnerability management across CI/CD pipelines and runtime environments, covering both underlying infrastructure and applications. • Secure our Kubernetes deployments and containerized workloads, implementing advanced pod and node hardening to prevent lateral movement across distributed systems. • Define and enforce Infrastructure-as-Code security by building robust Terraform guardrails and integrating policy-as-code directly into deployment pipelines. • Design and execute a comprehensive security tooling strategy, managing solutions for CNAPP, CSPM, SAST, SCA, secrets management, and SBOM-CVE tracking. • Champion developer enablement by building secure defaults, streamlining remediation workflows, and drafting actionable security guidelines. • Build foundational security automation to scale alongside hyper-growth, minimizing manual overhead while establishing a pragmatic security culture from the ground up. About you • 5+ years of experience in DevSecOps, Security Engineering, or Cloud Security, ideally acting as an early security hire in a fast-paced or hyper-scale environment. • Deep understanding of Kubernetes and container security, alongside strong experience securing Infrastructure-as-Code (Terraform) across major cloud providers. • Strong programming and scripting skills (Python, Go, or similar) to build security automation and seamlessly integrate diverse security tools into the developer workflow. • Extensive experience deploying and tuning modern security tooling with a pragmatic approach to vulnerability management and threat modeling. • Strong communication skills with a proven track record of partnering with developers and researchers to embed secure defaults without creating engineering friction. Hiring Process • Introduction call - 30 min • Hiring Manager interview - 30 min • Technical Rounds - Scripting Interview - 45 min - Dee-Dive interview - 55 min • Culture-fit discussion - 30 min • References By applying, you agree to our Applicant Privacy Policy .