DevSecOps Engineer

DevSecOps Engineer Job Description Template

Our company is looking for a DevSecOps Engineer to join our team.


  • Stay up to date with the latest application security developments and security trends to continually improve internal processes;
  • Instil and foster uptake of DevSecOps practices through meaningful engagement with the engineering teams;
  • Creating, iterating, and optimizing internal tooling to allow the team to move faster and remain agile;
  • Handle incident response in case of a security breach;
  • Support the development of security operations for monitoring, testing, auditing, and regulatory compliance;
  • Identify security threats by conducting continual monitoring, penetration testing, vulnerability assessments, and audit log analysis;
  • Build and maintain the overall security integrity of the cloud environments;
  • Remediate identified vulnerabilities;
  • Conduct internal security audits and execute remediation plans;
  • Protect assets spanning across infrastructure, platform, CI/CD pipelines and applications;
  • Deploy and administer security monitoring tools for the SecOps team, and perform frequent risk assessments;
  • Collaborating with engineers to build a continuous delivery environment that will support the technical needs of our roadmap;
  • Respond to security incidents by conducting incident response activities involving containment to remediation and lessons learnt;
  • Design and implement mechanisms that efficiently identify and mitigate security risks within the existing DevOps workstreams;
  • Work with development teams to improve the secure software development lifecycle.


  • Certifications relevant to the role;
  • In-depth understanding of the methods of technical attack and how these can be detected in a digital environment;
  • Contribution of papers or talks to conferences, or similar;
  • Software development and scripting skills;
  • Deep knowledge of networking, infrastructure and applications from a DevOps perspective with a security focus;
  • Solid experience with IDS/IPS/DLP tools and construction of customised signatures for complex microservices;
  • Experience in programming or scripting languages;
  • Broad knowledge of security control techniques and how they can be applied in a traditional IT environment as well as cloud-based systems;
  • Communicating risk in a nuanced manner to inform business decisions;
  • Knowledge of security monitoring, prevention and control systems including anti-virus, web proxies and security software;
  • Experience in the industry performing similar roles;
  • Ability to assess and analyse wide range information to draw conclusions on how to improve the security of our systems;
  • Hardening of orchestrator and container technologies, i.e.: Kubernetes and Docker;
  • Significant experience in managing and patching vulnerabilities across a host of assets;
  • Understanding of security considerations around RESTful APIs.