Job Description
Role Summary
• We are seeking a highly skilled DevSecOps Engineer with strong hands-on experience in secure DevOps practices and penetration testing. The ideal candidate will be responsible for embedding security across the CI/CD pipeline, cloud infrastructure, and application lifecycle while conducting regular vulnerability assessments and penetration testing across our digital assets.
• This role is critical in ensuring the confidentiality, integrity, and availability of our systems, particularly within a fintech and regulated environment.
Key Responsibilities
DevSecOps & Secure Engineering
• Integrate security controls into CI/CD pipelines.
• Implement and manage automated security testing SAST, DAST, SCA, IaC scanning.
• Secure containerized workloads Docker, Kubernetes.
• Harden cloud infrastructure AWS, Azure, GCP, etc..
• Implement Zero Trust security principles.
• Manage secrets, keys, and certificate lifecycle.
• Conduct code reviews with a focus on secure coding practices.
• Implement and maintain WAF, EDR, and cloud security tooling.
Penetration Testing & Vulnerability Management
• Conduct internal and external penetration testing web, mobile, API, cloud.
• Perform red team simulations and adversarial testing.
• Execute vulnerability assessments using industry tools.
• Identify, exploit where appropriate, and document security weaknesses.
• Provide remediation guidance to development and infrastructure teams.
• Conduct re-testing and validation of remediated vulnerabilities.
• Maintain a structured vulnerability management lifecycle.
Cloud & Infrastructure Security
• Secure multi-cloud environments.
• Implement infrastructure-as-code security controls.
• Monitor logs using SIEM tools and investigate security incidents.
• Ensure compliance alignment PCI-DSS, ISO 27001, NDPA, etc..
Governance & Reporting
• Develop security baselines and hardening standards.
• Prepare technical and executive-level security reports.
• Support regulatory and third-party audits.
• Develop and maintain security documentation and playbooks.
Required Qualifications
• Bachelor’s degree in Computer Science, Cybersecurity, or related field.
• 3 – 8 years of experience in DevOps, Security Engineering, or Penetration Testing.
• Strong understanding of secure SDLC.
• Strong knowledge of OWASP Top 10 and API security risks.
• Experience with Linux systems and scripting Bash, Python.
Hands-on experience with:
• CI/CD tools GitHub Actions, GitLab CI, Jenkins
• Cloud platforms AWS, Azure, or GCP
• Containerization Docker, Kubernetes
• SAST/DAST tools
• Infrastructure as Code Terraform, CloudFormation
Preferred Certifications
• OSCP / OSWE
• CEH
• AWS Security Specialty
• CISSP optional but advantageous
• ISO 27001 Lead Implementer / Auditor advantage
Technical Skills
• Web and API penetration testing
• Network penetration testing
• Cloud security testing
• Secure coding principles
• Threat modeling
• Log analysis and incident response
• Automation scripting
Soft Skills
• Strong analytical and problem-solving ability
• Excellent report writing and documentation skills
• Ability to communicate technical risks to executive leadership
• Strong cross-functional collaboration skills
• Proactive and security-first mindset
Key Performance Indicators KPIs
• Reduction in critical/high vulnerabilities
• Secure pipeline integration coverage
• Time-to-remediation for identified vulnerabilities
• Compliance audit readiness
• Security automation maturity level
• We are seeking a highly skilled DevSecOps Engineer with strong hands-on experience in secure DevOps practices and penetration testing. The ideal candidate will be responsible for embedding security across the CI/CD pipeline, cloud infrastructure, and application lifecycle while conducting regular vulnerability assessments and penetration testing across our digital assets.
• This role is critical in ensuring the confidentiality, integrity, and availability of our systems, particularly within a fintech and regulated environment.
Key Responsibilities
DevSecOps & Secure Engineering
• Integrate security controls into CI/CD pipelines.
• Implement and manage automated security testing SAST, DAST, SCA, IaC scanning.
• Secure containerized workloads Docker, Kubernetes.
• Harden cloud infrastructure AWS, Azure, GCP, etc..
• Implement Zero Trust security principles.
• Manage secrets, keys, and certificate lifecycle.
• Conduct code reviews with a focus on secure coding practices.
• Implement and maintain WAF, EDR, and cloud security tooling.
Penetration Testing & Vulnerability Management
• Conduct internal and external penetration testing web, mobile, API, cloud.
• Perform red team simulations and adversarial testing.
• Execute vulnerability assessments using industry tools.
• Identify, exploit where appropriate, and document security weaknesses.
• Provide remediation guidance to development and infrastructure teams.
• Conduct re-testing and validation of remediated vulnerabilities.
• Maintain a structured vulnerability management lifecycle.
Cloud & Infrastructure Security
• Secure multi-cloud environments.
• Implement infrastructure-as-code security controls.
• Monitor logs using SIEM tools and investigate security incidents.
• Ensure compliance alignment PCI-DSS, ISO 27001, NDPA, etc..
Governance & Reporting
• Develop security baselines and hardening standards.
• Prepare technical and executive-level security reports.
• Support regulatory and third-party audits.
• Develop and maintain security documentation and playbooks.
Required Qualifications
• Bachelor’s degree in Computer Science, Cybersecurity, or related field.
• 3 – 8 years of experience in DevOps, Security Engineering, or Penetration Testing.
• Strong understanding of secure SDLC.
• Strong knowledge of OWASP Top 10 and API security risks.
• Experience with Linux systems and scripting Bash, Python.
Hands-on experience with:
• CI/CD tools GitHub Actions, GitLab CI, Jenkins
• Cloud platforms AWS, Azure, or GCP
• Containerization Docker, Kubernetes
• SAST/DAST tools
• Infrastructure as Code Terraform, CloudFormation
Preferred Certifications
• OSCP / OSWE
• CEH
• AWS Security Specialty
• CISSP optional but advantageous
• ISO 27001 Lead Implementer / Auditor advantage
Technical Skills
• Web and API penetration testing
• Network penetration testing
• Cloud security testing
• Secure coding principles
• Threat modeling
• Log analysis and incident response
• Automation scripting
Soft Skills
• Strong analytical and problem-solving ability
• Excellent report writing and documentation skills
• Ability to communicate technical risks to executive leadership
• Strong cross-functional collaboration skills
• Proactive and security-first mindset
Key Performance Indicators KPIs
• Reduction in critical/high vulnerabilities
• Secure pipeline integration coverage
• Time-to-remediation for identified vulnerabilities
• Compliance audit readiness
• Security automation maturity level
Sponsored
