Location: Remote (RO)
Employment Type: Freelance/6 months

Role Overview

We are seeking an experienced DevSecOps Engineer to embed security into the software development lifecycle (SDLC) and automate secure practices within CI/CD pipelines. You will work closely with developers to promote secure coding, conduct application security testing, and enhance cloud-native security across dynamic DevOps environments.

Key Responsibilities

• Integrate security controls throughout all SDLC stages.

• Perform SAST, DAST, and SCA testing using tools like SonarQube, Checkmarx, Veracode, OWASP ZAP.

• Automate security validation within CI/CD workflows (Jenkins, GitHub Actions, Azure DevOps).

• Conduct threat modeling, secure code reviews, and manual penetration testing.

• Implement and monitor container and cloud security (Docker, Kubernetes, AWS, Azure, GCP).

• Deliver security training and awareness sessions for development teams.

• Establish and maintain security documentation, playbooks, and champion programs.

Requirements

• 2-4 years of hands-on experience in application security or DevSecOps.

• Proficiency in at least one programming language (Java, Python, JavaScript, Go, .NET).

• Experience with CI/CD, containerization, and IaC (Terraform, CloudFormation).

• Deep understanding of OWASP Top 10, secure coding, and cryptographic principles.

• Strong collaboration and problem-solving skills.

• Eligible for UK SC Clearance.

Preferred Certifications

• CSSLP, GWEB, or Certified DevSecOps Engineer.

• Cloud Security (AWS, Azure, or GCP Security Specialty).