DevSecOps Engineer at DigiOutsource

Why we need you

• We’re on a mission to create extraordinary experiences for our customers, and we believe that your unique skills, passion and SuperDrive will help us achieve our vision.
• As a DevSecOps Engineer you’ll be supporting the delivery of secure coding initiates, combining offensive and defensive methodologies to ensure top quality software.
• Your work will help us excel by delivering a secure product to build trust and stay ahead of the game.

What you’ll be doing

As part of your role, your responsibilities will include:

• Partner with internal teams to ensure timely remediation of prioritized vulnerabilities
• Conduct application security testing to identify and mitigate vulnerabilities
• Oversee the operation and continuous improvement of Software Composition Analysis (SCA), Static Application Security Testing (SAST), and Dynamic Application Security Testing (DAST) tools.
• Develop, maintain, and enhance Software Bills of Materials (SBOMs) to manage software supply chain risks
• Establish and evolve application security maturity frameworks (e.g., OWASP SAMM) to guide program development
• Drive secure cloud operations by aligning infrastructure monitoring with best practice frameworks and cloud provider benchmarks
• Embed and continuously monitor security services in CI/CD workflows to enable automated security checks throughout the development lifecycle
• Maintain and upgrade existing security systems to ensure optimal performance and protection
• Foster a security-first mindset within DevOps and development teams through collaboration and awareness initiatives
• This job description is not intended to be an exhaustive list of responsibilities. You may be required to complete other reasonable duties in order to achieve business objectives.

Essential skills you’ll bring to the table

The necessary skills that we require for this role include:

• 3+ years in DevOps, Security Engineering, or related roles 
• Background in software development or secure coding 
• Strong experience with CI/CD tools (e.g., Jenkins, GitLab CI/CD)
• Strong verbal and written communication skills, with the ability to convey complex ideas clearly and effectively
• Proficiency in scripting languages (e.g., Python, Bash) 
• Experience working collaboratively in cross-functional teams, with a focus on achieving shared goals
• Expertise in managing multiple projects simultaneously, with a track record of delivering on time and within scope
• Exceptional attention to detail, ensuring high standards of quality in all outputs
• Ability to adapt quickly to changing environments and priorities, maintaining effectiveness in dynamic situations
• Experience with Application security testing and vulnerability identification and prioritization
• Experience with container security and vulnerability detection and remediation
• Experienced in working with major cloud platforms, such as AWS and Azure
• Working knowledge of Infrastructure as Code (IaC) tools such as Terraform and AWS CloudFormation
• Solid grasp of security best practices and compliance frameworks (e.g., ISO, SOC2, NIST)  

Desirable skills you’ve got up your sleeve

• Passion for collaboration with external parties to ensure secure product lifecycles
• Familiarity with security tools (e.g., Snyk, SonarQube, OWASP ZAP) 
• Highly self-driven with a strong focus on achieving measurable outcomes
• Driven by curiosity and a proactive approach to staying current with emerging technologies and security trends
• Hands-on experience with application security testing tools such as Burp Suite for manual and automated vulnerability discovery