Overview
We are seeking a highly skilled DevSecOps Engineer with expertise in integrating security practices into DevOps pipelines and cloud-native environments. You will be responsible for building secure, automated CI/CD processes, implementing security controls, and ensuring compliance across infrastructure and applications. The ideal candidate has a strong background in DevOps, cloud platforms, and security engineering, with hands-on experience in securing large-scale, distributed systems.
Details
Location : Remote in EU
Employment Type : Full-Time, B2B Contract
Start Date : ASAP
Language Requirements : Fluent English
Key Responsibilities
* Design and implement security automation in CI/CD pipelines for applications and infrastructure.
* Integrate static (SAST), dynamic (DAST), and dependency (SCA) security scanning tools.
* Collaborate with DevOps and engineering teams to ensure security best practices are embedded from design to deployment.
* Manage secrets, IAM, and encryption policies across cloud environments (AWS, Azure, GCP).
* Define and enforce compliance standards (ISO, SOC2, GDPR, HIPAA).
* Build monitoring and alerting systems for threat detection and vulnerability management.
* Implement container and Kubernetes security (runtime protection, image scanning, RBAC).
* Support penetration testing and incident response processes.
* Conduct security training and awareness for developers and operations teams.
Requirements
* 5+ years of experience in DevOps or Security Engineering, with at least 2+ years in DevSecOps.
* Strong knowledge of CI/CD tools (Jenkins, GitLab CI/CD, GitHub Actions, Azure DevOps).
* Hands-on expertise with security tools (SonarQube, Snyk, Checkmarx, Aqua, Prisma, Twistlock).
* Solid understanding of cloud platforms (AWS, Azure, GCP) and their security services.
* Experience with infrastructure-as-code (Terraform, CloudFormation, Ansible) and policy-as-code (OPA, Sentinel).
* Knowledge of containerization and orchestration security (Docker, Kubernetes).
* Familiarity with monitoring and logging tools (ELK, Prometheus, Grafana).
* Strong scripting/programming skills (Python, Bash, Go).
* Excellent problem-solving and communication skills.
Nice to Have
* Security certifications (CISSP, CISM, OSCP, CCSP, AWS/Azure/GCP Security).
* Experience with zero-trust architectures and microsegmentation.
* Familiarity with service mesh security (Istio, Linkerd).
* Knowledge of SIEM/SOAR platforms (Splunk, QRadar, Sentinel).
* Background in regulated industries (finance, healthcare, telecom).
* Contributions to security open-source projects or DevSecOps communities.
#J-18808-Ljbffr