DevSecOps Engineer at Publicis Groupe

Overview

• We are seeking a highly skilled DevSecOps Engineer to join our team in South Africa.
• The ideal candidate will be responsible for integrating security best practices into the software development lifecycle (SDLC) across multi-cloud environments (Azure, GCP, AWS). They will work closely with development, operations, and security teams to ensure the secure, efficient, and continuous delivery of applications.
• This role requires strong expertise in Infrastructure as Code (IaC), automation, orchestration tools, and golden image management.
• The successful candidate will enhance security-by-design principles within CI/CD pipelines, implement OWASP Top 10 security measures, and enforce cloud-native security best practices within fintech regulatory frameworks in South Africa.

Responsibilities

Cloud Security & Compliance

• Secure multi-cloud environments (Azure, AWS, GCP) by implementing security automation and monitoring tools.
• Ensure compliance with financial security regulations (POPIA, PCI-DSS, ISO 27001, SOC 2).
• Conduct cloud security risk assessments and enforce security guardrails to prevent misconfigurations.
• Implement Zero Trust Security principles for IAM, RBAC, and secure access controls.

CI/CD Security & Automation

• Design and integrate secure CI/CD pipelines, incorporating automated security testing (SAST, DAST, IAST).
• Implement secrets management, artifact integrity validation, and secure containerization strategies.
• Automate security scans for vulnerabilities, dependencies, and misconfigurations in Terraform, CloudFormation, and Kubernetes manifests.

 Infrastructure as Code (IaC) & Orchestration

• Implement and manage IaC frameworks using Terraform, Ansible, Puppet, and CloudFormation.
• Automate provisioning of Kubernetes clusters (EKS, AKS, GKE) and containerized workloads.
• Manage Docker, ECS, and Kubernetes (EKS, GKE, AKS) security, ensuring adherence to best practices.
• Enforce immutable infrastructure principles through golden image management and automated patching strategies.

Golden Image Management & Compliance

• Develop, maintain, and enforce golden images for VMs, containers, and cloud workloads.
• Automate image hardening using tools like Packer, CIS Benchmarks, and OSSEC.
• Ensure compliance of golden images with security baselines and regulatory standards.

Threat Detection & Response

• Implement SIEM/SOAR solutions for cloud-native security monitoring and automated response.
• Identify, assess, and remediate vulnerabilities using OWASP Top 10 and SANS 25 methodologies.
• Secure APIs using OAuth, JWT, OpenID Connect, and enforce WAF security rules.

Collaboration & Training

• Work closely with DevOps, Security, and Engineering teams to embed security within the SDLC.
• Conduct secure coding and DevSecOps best practices training for developers and engineers.
• Advocate for "Shift Left Security" by integrating security from the earliest stages of development.

Daily Duties

• Automate security hardening for cloud, infrastructure, and applications.
• Monitor and maintain secure multi-cloud environments (Azure, AWS, GCP).
• Enhance and secure CI/CD pipelines by integrating automated security testing tools.
• Perform vulnerability scanning, penetration testing, and security incident analysis.
• Develop and maintain golden images for infrastructure and applications.
• Optimize Kubernetes security using RBAC, Pod Security Policies (PSP), Network Policies.
• Automate patch management and enforce container image scanning in Docker, EKS, and ECS.
• Stay updated with emerging threats, security trends, and DevSecOps innovations.

Qualifications

Must-Have:

• 5-6+ years of experience in DevSecOps, Cloud Security, or DevOps with a security focus.
• Expertise in Azure, AWS, and GCP security services (e.g., AWS Security Hub, Azure Security Center, GCP Security Command Center).
• Strong knowledge of CI/CD tools (Jenkins, GitLab CI/CD, GitHub Actions, Azure DevOps).
• Proficiency in Infrastructure as Code (IaC) (Terraform, CloudFormation, Puppet, Ansible).
• Hands-on experience with containerization and orchestration (Docker, Kubernetes, EKS, ECS, GKE, AKS).
• Strong understanding of OWASP Top 10, SAST, DAST, IAST, API security best practices.
• Experience implementing secrets management (Vault, AWS Secrets Manager, Azure Key Vault).
• Proficiency in SIEM/SOAR platforms for security monitoring and incident response.
• Knowledge of Zero Trust security models, IAM, RBAC, and secure networking.

Nice-to-Have:

• Certifications such as AWS Security Specialty, Azure Security Engineer, Google Professional Cloud Security Engineer, CISSP, CISM, CEH.
• Experience in fintech security regulations (PCI-DSS, SOC 2, ISO 27001, POPIA).
• Familiarity with DevSecOps frameworks (NIST 800-53, CSA Cloud Controls Matrix, MITRE ATT&CK).
• Knowledge of blockchain security or smart contract security is a plus.