DevSecOps Engineer
Philippines, Philippines
We're Osome - an international fintech startup making the lives of entrepreneurs easier. We help thousands of businesses kick admin, accounting and bookkeeping out of their day-to-day, so they can spend more time on what's important to them. We've developed a unique solution that combines SaaS with a human-in-the-loop approach to provide full-fledged services in real time.
We're experiencing tremendous growth in both clients and team members. We have over 500 people in our global offices 🌎. We're looking for more bright minds who'd love to change the world by solving complex problems.
What you'll do:
⭐ Implement and manage security best practices across CI/CD pipelines, infrastructure, and application development.
⭐ Design, build, and maintain secure cloud infrastructure, ensuring compliance with security frameworks and industry standards.
⭐ Integrate security automation tools into DevOps workflows, including SAST, DAST, dependency scanning, and container security.
⭐ Develop and enforce Infrastructure as Code (IaC) security policies, ensuring secure provisioning and configuration management using Terraform, CloudFormation, or similar tools.
⭐ Monitor, detect, and respond to security threats, leveraging SIEM solutions, logging, and alerting tools.
⭐ Lead security incident response efforts, performing forensic analysis, root cause investigation, and implementing remediation strategies.
⭐ Harden and secure APIs, applications, and cloud environments, ensuring authentication, encryption, and access control best practices.
⭐ Collaborate with development teams to implement secure coding practices, conduct threat modeling, and mitigate vulnerabilities.
⭐ Ensure compliance with security standards like ISO 27001, SOC 2, NIST, GDPR, and other regulatory requirements.
⭐ Conduct security audits and penetration testing, identifying vulnerabilities and ensuring remediation.
⭐ Optimize CI/CD pipelines with security in mind, automating security testing and policy enforcement.
⭐ Improve cloud security posture by implementing least privilege access, IAM best practices, and secure networking policies.
⭐ Stay ahead of emerging security threats and technologies, continuously enhancing the security landscape.
Who you are:
⭐ 4+ years experience as a DevOps or DevSecOps engineer.
⭐ Strong experience in DevSecOps, with a background in security engineering, cloud security, or DevOps security.
⭐ Proficiency in cloud platforms (AWS, GCP, or Azure) and security tools like AWS Security Hub, GuardDuty, IAM, and VPC security groups.
⭐ Deep knowledge of CI/CD security best practices, including GitHub Actions, GitLab CI, Jenkins, or similar pipelines.
⭐ Experience with Infrastructure as Code (IaC) security, using Terraform, CloudFormation, or Ansible.
⭐ Expertise in security tools and automation, including SAST (SonarQube, Snyk), DAST (OWASP ZAP, Burp Suite), and container security (Trivy, Aqua Security).
⭐ Strong scripting and automation skills, using Python, Bash, or PowerShell for security automation.
⭐ Understanding of Kubernetes security, including pod security policies, network policies, and RBAC.
⭐ Knowledge of API security, OAuth, JWT, mTLS, and secure authentication methods.
⭐ Preferred: experience with security compliance frameworks like ISO 27001, SOC 2, PCI-DSS, and GDPR.
⭐ Proven ability to identify and remediate vulnerabilities, applying DevSecOps principles at scale.
⭐ Ability to work cross-functionally, collaborating with engineering, IT, and compliance teams to drive security initiatives.
Our Benefits 🙌
Osome grows alongside you, but we already have a few perks:
⭐ The opportunity to join a goal-driven startup with big ambitions
⭐ An open, inclusive working environment, with founders deeply rooted in the startup space
⭐ An agile working model focused on goals and performance
⭐ International environment with diverse culture
⭐ Competitive remuneration package
⭐ Remote-first and flexible working arrangements
Equal Opportunity Statement
At OSOME, creating a culture where individuals of all backgrounds feel comfortable really matters.
Everyone who applies will receive fair consideration for employment. We do not discriminate based upon race, colour, religion, sex, sexual orientation, age, marital status, gender identity, national origin, disability, or any other applicable legally protected characteristics in the location in which the candidate is applying. We want to ensure that we represent the diversity of talent in the society we live in today.
If you have any accessibility requirements that would make you more comfortable during the application and interview process, please let us know so that we can support you.