DevSecOps Engineer
Poland - Remote
Doctify
Doctify is capturing the voice of patients. Read over hundreds of thousands of verified reviews for your specialist, dentist, hospital or care home.
We’re Doctify
Doctify is a global HealthTech leader building the largest global network of validated healthcare providers and experts. Our mission is to help millions of patients around the world find the right doctor or clinic when they need care.
Backed by $30m+ in funding and operating across 5 countries, we’ve already supported over 100 million patients and we’re just getting started.
We are passionate about creating very secure, high-performing, and user-friendly web applications that drive business success and user satisfaction.
About The Role
We are seeking a hands-on DevSecOps Engineer to join our agile and collaborative team. You will be responsible for embedding security into every stage of our software development lifecycle, ensuring our SaaS cloud platform is robust, secure, and scalable.
The role is ideal for someone who lives and breathes the latest developments in the internet security domain, thrives in a fast-paced environment, and enjoys working closely with development and operations to automate, monitor, and secure our cloud infrastructure and code base.
You’ll Be Responsible For
- Integrating security practices into CI/CD pipelines, automating security checks and vulnerability assessments throughout the development and deployment process
- Collaborating with developers and operations to design, implement, and maintain secure cloud-based infrastructure on AWS and GCP
- Automating infrastructure provisioning and configuration using Terraform and Infrastructure as Code tools
- Monitoring and responding to security incidents, managing logging, and conducting root cause analysis for system vulnerabilities
- Conducting regular code reviews and threat modelling to identify and mitigate potential security risks early in the development lifecycle
- Supporting and educating the team on secure coding practices, security frameworks, and common vulnerabilities
- Maintaining and improving security documentation, policies, and incident response plans
- Implementing and monitoring security controls in cloud environments, including container security (Docker/Kubernetes), and access management
- Writing code to fix security vulnerabilities discovered in applications, APIs, and infrastructure
- Reviewing code and refactoring applications to eliminate security weaknesses like SQL injection, XSS, authentication bypasses, and data exposure issues
- Creating monitoring and alerting systems that automatically detect and respond to security incidents in real-time
- Building security testing frameworks and writing automated tests that verify security controls are working correctly
- Developing internal security tools and dashboards to help the team track and manage security issues across our platform
- Partnering closely with developers to teach secure coding practices and help them to fix security bugs in their code
About You
You will have -
- Experience with cloud platforms (AWS, GCP), and cloud security best practices
- Familiarity with CI/CD tools (e.g., GitLab, GitHub, or similar) and security scanning tools (e.g., SAST, DAST, OWASP)
- An understanding of containerisation (Docker, Kubernetes), and related security considerations
- Previous experience in a SaaS or cloud-based product environment
- Strong Linux background
- Proven development experience with Node.js; Python is desirable but not required
- Hands-on experience fixing security vulnerabilities in web applications and APIs
- API security development - OAuth, JWT, rate limiting, input validation, secure data serialisation
- An understanding and practical experience with ISO 27001 standard aspects
- Strong communication skills and a collaborative, problem-solving approach
Join Us
If you are passionate about helping shape the security culture and practices of a growing SaaS business, and are looking for the opportunity to work across the full stack of modern DevSecOps tools and methodologies, we’d love to hear from you!