Melbourne VIC, Australia

Description

A DevSecOps Engineer integrates security practices into every phase of the software development lifecycle. They ensure robust application and infrastructure security while enabling efficient DevOps workflows. This role requires expertise in security tools, cloud platforms, and automation frameworks, along with a proactive approach to identifying and mitigating vulnerabilities.

Requirements

  • Education: Bachelor’s degree in Computer Science, Cybersecurity, or a related field.
  • Experience:
    • 3+ years of experience in DevOps, cybersecurity, or related roles.
    • Hands-on experience with security tools (e.g., SonarQube, OWASP ZAP, Snyk).
    • Proficiency in scripting languages like Python, Bash, or PowerShell.
  • Technical Skills:
    • Strong knowledge of cloud platforms (AWS, Azure, GCP) and their security services.
    • Familiarity with containerization (Docker) and orchestration (Kubernetes).
    • Experience with CI/CD tools like Jenkins, GitLab, or GitHub Actions.
  • Certifications (Preferred):
    • Certified DevSecOps Professional, CISSP, CISM, or AWS Security Certification.

Bonuses

  • Annual performance-based bonuses.
  • Sign-on bonuses for exceptional candidates.
  • Referral bonuses for successful hires.

Benefits

  • Competitive salary with annual reviews.
  • Comprehensive health insurance (medical, dental, vision).
  • 401(k) retirement plan with employer contributions.
  • Paid time off (vacation, sick leave, personal days).
  • Professional development opportunities (training, certifications, conferences).
  • Flexible working hours and remote work options.
  • Wellness programs and mental health support.

Responsibilities

  • Security Integration:
    • Embed security controls into CI/CD pipelines and development workflows.
    • Implement automated security checks during code development, build, and deployment stages.
  • Threat Management:
    • Conduct regular vulnerability assessments and penetration testing.
    • Identify, prioritize, and remediate security vulnerabilities in applications and systems.
  • Collaboration:
    • Work closely with developers, DevOps engineers, and QA teams to promote a security-first culture.
    • Guide teams in secure coding practices and compliance with security policies.
  • Tooling & Automation:
    • Configure and maintain SAST, DAST, and dependency scanning tools.
    • Develop scripts and automation to streamline security operations and monitoring.
  • Incident Response:
    • Assist in the detection, investigation, and resolution of security incidents.
    • Maintain incident response playbooks and perform regular incident simulations.
  • Monitoring & Reporting:
    • Monitor infrastructure and application security continuously.
    • Generate reports and dashboards for security metrics, vulnerabilities, and compliance status.
  • Compliance & Best Practices:
    • Ensure compliance with standards like ISO 27001, SOC 2, GDPR, or HIPAA.
    • Stay updated on emerging security threats and best practices.