DevSecOps Engineer
Remote/Hybrid options available
Availability in BST hours
About the Role
We are seeking a highly skilled and proactive DevSecOps Engineer to champion a security-first culture within our fast-paced development and operations environment. The DevSecOps Engineer will be instrumental in embedding security practices from the initial design phase through to deployment and ongoing operations. This role requires a strong understanding of both development and operations processes, coupled with deep expertise in cybersecurity principles, automation, and cloud native technologies. You will work to automate security checks, identify vulnerabilities, and ensure our systems and applications are resilient against threats.
Key Responsibilities
Security Integration & Automation
- Design, implement, and manage automated security controls and tools within CI/CD pipelines (e.g., SAST, DAST, SCA, IAST, secret scanning).
- Integrate security testing and compliance checks seamlessly into the continuous integration and continuous deployment process.
- Develop and maintain Infrastructure as Code (IaC) security policies and automate remediation for misconfigurations.
Vulnerability Management & Risk Assessment
- Conduct regular vulnerability assessments, penetration testing, and threat modeling to identify and prioritize security risks in applications and infrastructure.
- Collaborate with development teams to analyze security findings, provide guidance on remediation, and implement secure coding practices.
- Perform security reviews of application architectures, designs, and code.
Incident Response & Monitoring
- Implement and manage security monitoring tools and dashboards (e.g., SIEM, log aggregation).
- Monitor security metrics, identify anomalies, and respond to security incidents, performing root cause analysis and implementing corrective measures.
- Contribute to the development and refinement of incident response plans and playbooks.
Security Best Practices & Compliance
- Define, develop, and enforce security policies, standards, and best practices across the SDLC.
- Ensure compliance with relevant industry regulations (e.g., CIS Benchmarks, GDPR, PCI-DSS, ISO 27001) and internal security policies.
- Stay up to date with the latest security trends, threats, and vulnerabilities.
Collaboration & Culture
- Foster a strong security-aware culture across development, operations, and business teams.
- Educate and train engineers on secure coding practices, security tools, and DevSecOps principles.
- Act as a security advocate, promoting "shift-left" security initiatives where security is considered from the very beginning of the development process.
Cloud Security
- Secure cloud environments (Azure) including identity and access management (IAM), network security, data protection, and secure configuration of cloud services.
- Implement and manage security for containerized environments (Docker, Kubernetes).
Must-Have Qualifications
Education
- Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, or a related field, or equivalent practical experience.
Experience
- Proven experience in a DevSecOps, DevOps with a security focus, or Security Engineer role.
Technical Proficiency
- Strong understanding of DevOps principles and practices (CI/CD, Git, Agile methodologies).
- Proficiency in Azure with a strong understanding of its security offerings.
- Solid scripting and programming skills (e.g., Python, Go, Bash, PowerShell).
- Extensive experience with Infrastructure as Code (IaC) tools (e.g., Bicep, Terraform, CloudFormation, Ansible).
- Hands-on experience with containerization (Docker) and orchestration (Kubernetes).
- Experience with various security tools and technologies for application security (SAST, DAST, SCA), network security, and endpoint security.
- Knowledge of common web application vulnerabilities (e.g., OWASP Top 10) and mitigation strategies.
- Familiarity with operating systems (Linux, Windows) and networking concepts.
Security Knowledge
- Deep understanding of cybersecurity principles, threat modeling, risk assessment, and incident response.
- Knowledge of security frameworks and compliance standards.
Soft Skills
- Exceptional communication and collaboration skills, with the ability to bridge technical and non-technical stakeholders.
- Strong analytical and problem-solving abilities.
- Proactive, self-motivated, and able to work effectively in a fast-paced environment.
- A continuous learner, passionate about staying ahead of emerging security threats and technologies.
Preferred Qualifications (Nice to Have)
- Relevant industry certifications (e.g., Certified DevSecOps Engineer, Azure DevOps Engineer Expert, Azure Security Engineer Associate, CISSP, CompTIA Security+).
- Experience with specific security tools common in DevSecOps (e.g., SonarQube, Snyk, Aqua Security, Prisma Cloud, Burp Suite, Nessus).
- Experience with serverless computing security.
- Familiarity with security information and event management (SIEM) systems.
- Experience in a regulated industry.
