DevSecOps Engineer

We are looking for our first DevSecOps Engineer to strengthen the collaboration between our Engineering and Cybersecurity. As a DevSecOps Engineer, you will act as a liaison between software development, operations and security teams, promoting effective communication and implementation of security controls and compliance measures from the very beginning of the software development lifecycle.

We’re looking for someone who has:

• Experience with Kubernetes, Docker, and container orchestration tools
• Proficient in infrastructure-as-code and automation tools like Terraform, Ansible, and CloudFormation
• Strong understanding of secure software development lifecycle (SSDLC) and shift-left security practices
• Skilled in application security testing: SAST, DAST, SCA using tools such as Snyk, GitHub Dependabot, SonarQube, SonarCloud, and Kondukto
• Experience with cloud security posture management (CSPM) and cloud workload protection (CWPP) tools
• Background in vulnerability management and security automation pipelines
• Understanding of zero-trust networking, IAM, and micro-segmentation strategies
• Supporting or participating in Red/Purple team exercises and security chaos engineering
• Proficient in scripting or programming (Python, Go, Bash) for automation and tooling development
• Knowledge of security frameworks and compliance standards such as ISO 27001, NIST CSF, GDPR, PCI-DSS

• The ideal candidate will have hands-on experience with Kubernetes, Docker, and container orchestration platforms, alongside proficiency in infrastructure-as-code and automation tools such as Terraform, Ansible, or CloudFormation. 
• They will possess a strong understanding of the secure software development lifecycle (SSDLC) and shift-left security practices. 
• Expertise in application security testing, including SAST, DAST, and software composition analysis (SCA), using tools like Snyk, GitHub Dependabot, and SonarQube is essential.
• Experience with cloud security posture management (CSPM) and cloud workload protection platforms (CWPP) is required, as well as a solid background in vulnerability management and building security automation pipelines. A understanding of zero-trust networking, identity and access management (IAM), and micro-segmentation strategies is needed.
• The candidate should have supported or actively participated in red or purple team exercises and security chaos engineering to continuously test and improve defenses.
• Proficiency in scripting or programming languages such as Python, Go, or Bash is necessary for automation and tooling development.
• Finally, familiarity with security frameworks and compliance standards like ISO 27001, NIST CSF, GDPR, and PCI-DSS is expected to ensure regulatory alignment.