DevSecOps Engineer

We are looking for our first DevSecOps Engineer to strengthen the collaboration between our Engineering and Cybersecurity. As a DevSecOps Engineer, you will act as a liaison between software development, operations and security teams, promoting effective communication and implementation of security controls and compliance measures from the very beginning of the software development lifecycle. We’re looking for someone who has: Experience with Kubernetes, Docker, and container orchestration toolsProficient in infrastructure-as-code and automation tools like Terraform, Ansible, and CloudFormationStrong understanding of secure software development lifecycle (SSDLC) and shift-left security practicesSkilled in application security testing:

SAST, DAST, SCA using tools such as Snyk, GitHub Dependabot, SonarQube, SonarCloud, and KonduktoExperience with cloud security posture management (CSPM) and cloud workload protection (CWPP) toolsBackground in vulnerability management and security automation pipelinesUnderstanding of zero-trust networking, IAM, and micro-segmentation strategiesSupporting or participating in Red/Purple team exercises and security chaos engineeringProficient in scripting or programming (Python, Go, Bash) for automation and tooling developmentKnowledge of security frameworks and compliance standards such as ISO 27001, NIST CSF, GDPR, PCI-DSSWhat are the core skills and technologies this person needs to know?The ideal candidate will have hands-on experience with Kubernetes, Docker, and container orchestration platforms, alongside proficiency in infrastructure-as-code and automation tools such as Terraform, Ansible, or CloudFormation.

They will possess a strong understanding of the secure software development lifecycle (SSDLC) and shift-left security practices. Expertise in application security testing, including SAST, DAST, and software composition analysis (SCA), using tools like Snyk, GitHub Dependabot, and SonarQube is essential. Experience with cloud security posture management (CSPM) and cloud workload protection platforms (CWPP) is required, as well as a solid background in vulnerability management and building security automation pipelines. A understanding of zero-trust networking, identity and access management (IAM), and micro-segmentation strategies is needed.

The candidate should have supported or actively participated in red or purple team exercises and security chaos engineering to continuously test and improve defenses. Proficiency in scripting or programming languages such as Python, Go, or Bash is necessary for automation and tooling development. Finally, familiarity with security frameworks and compliance standards like ISO 27001, NIST CSF, GDPR, and PCI-DSS is expected to ensure regulatory alignment.