DevSecOps Engineer, CI/CD Security Implementation

Role Overview

• You will be writing YAML, configuring tools, and committing code
• SAST – Static Application Security Testing
• Integrate SonarQube into GitHub Actions for code quality and security scanning
• Configure quality gates and security rules for Python, R, and PHP codebases
• Set up branch analysis and PR decoration
• Implement Snyk for dependency vulnerability scanning in CI pipelines
• Configure Snyk for Python, R, and PHP projects
• Set up automated fix PRs and vulnerability tracking
• Integrate Snyk with GitHub for continuous monitoring
• Configure AWS ECR Enhanced Scanning for container images
• Set up ECR scan-on-push and findings routing to Security Hub
• Create Dockerfile security best practices and base image guidelines
• Configure GitHub secret scanning and push protection
• Implement pre-commit hooks
• Set up AWS Secrets Manager integration patterns for applications
• Create security gates that block deployments on critical/high findings
• Configure severity thresholds and exception workflows
• Document all configurations for ISO 27001 audit evidence

Requirements

• GitHub Actions: writing and maintaining complex workflows
• SonarQube: setup, configuration, quality gates, CI integration
• Snyk: dependency scanning, GitHub integration, fix automation
• Container scanning: ECR scanning, or similar tools
• AWS: ECR, Security Hub, Secrets Manager
• Python: enough to understand and review Python code for security
• Nice to Have
• DAST implementation (OWASP ZAP automation)
• ISO 27001 compliance documentation experience
• AWS GuardDuty and Inspector configuration
• GitHub Advanced Security features
• AWS Certified Security – Specialty

Tech Stack

• AWS
• PHP
• Python

Benefits

• Remote work and flexible working hours
• Competitive compensation
• Professional onboarding to help you have an ideal start with us
• Being part of a meaningful mission to a more sustainable future
• The opportunity to work independently