Senior DevSecOps Security Specialist

About the role

The organization is looking for a senior security professional to lead DevSecOps initiatives across the software development lifecycle. You will embed security controls, automate assurance, and champion secure‑by‑design principles for cloud platforms, containers, and infrastructure.

Key responsibilities

• Design, implement and operate CI/CD security controls such as SAST, DAST, SCA, secret detection, license compliance and artifact signing.
• Develop automation scripts in Python, Bash or Go to integrate security tooling into pipelines and runtime environments.
• Maintain secure platform guardrails, hardened build agents, least‑privilege service accounts and segregation of duties.
• Manage vulnerability management workflows, including triage, risk‑based prioritisation, remediation SLAs and automated re‑testing.
• Establish secure configuration baselines for AWS, Azure, GCP, Kubernetes and IaC (Terraform, CloudFormation, ARM).
• Own software supply‑chain security: SBOM generation, dependency controls, secure package repositories and artifact provenance.
• Implement secrets management with centralized vaulting and automated rotation.
• Define and track DevSecOps metrics/KPIs and lead security tool onboarding and lifecycle management.
• Provide technical leadership, training and playbooks for developers and operations teams.

Required profile

• Proven experience leading DevSecOps or security‑automation programmes in complex environments.
• Strong understanding of cloud security, container hardening and infrastructure‑as‑code best practices.
• Ability to collaborate with engineering, operations and SOC/IR teams to drive measurable risk reduction.

Required skills

• Python, Bash, Go
• SAST, DAST, SCA, secret detection, license compliance, artifact signing
• AWS, Azure, GCP, IAM, logging, monitoring, key management
• Kubernetes, container image scanning, runtime policies, admission controls, RBAC, network policies
• Terraform, CloudFormation, ARM
• SBOM, dependency management, secure package repositories
• HashiCorp Vault (or equivalent secrets management)
• CI/CD pipeline tooling, SIEM, SOAR