DevSecOps Engineer

A DevSecOps Engineer with security knowledge focuses primarily on streamlining development and operations processes while incorporating essential security practices. This role emphasizes automation, continuous integration/deployment, and infrastructure management, with security awareness integrated throughout the development lifecycle.

Technical Skills Requirements:

Core DevSecOps Engineer Expertise

• CI/CD Pipelines: Advanced experience with Jenkins, GitLab CI, GitHub Actions, Azure DevOps
• Infrastructure as Code: Terraform, CloudFormation, Ansible, Puppet, Chef
• Containerization: Docker, Kubernetes, container orchestration and management
• Version Control: Advanced Git workflows, branching strategies, and repository management
• Automation: Scripting and automation across development and deployment processes

Development & Operations

• Programming Languages: Proficiency in Python, Bash, PowerShell, Go, or JavaScript
• Configuration Management: Ansible, Puppet, Chef for system configuration
• Monitoring & Logging: Prometheus, Grafana, ELK Stack, DataDog, New Relic
• Cloud Platforms: AWS, Azure, Google Cloud Platform services and management
• Database Management: Understanding of database deployment and management

Security Knowledge (Secondary Focus)

• Security Fundamentals: Basic understanding of OWASP Top 10 and common vulnerabilities
• Secure Configuration: Implementing security best practices in infrastructure setup
• Access Management: IAM, RBAC, and basic identity management principles
• Security Scanning: Integration of basic security tools into CI/CD pipelines
• Compliance Awareness: Understanding of common compliance requirements (SOC 2, PCI DSS)

Primary DevSecOps Engineer Tools

• CI/CD Platforms: Jenkins, GitLab CI/CD, GitHub Actions, Azure DevOps, CircleCI
• Infrastructure Tools: Terraform, CloudFormation, Ansible, Kubernetes, Docker
• Monitoring Solutions: Prometheus, Grafana, ELK Stack, Splunk, DataDog
• Cloud Services: AWS EC2/S3/RDS, Azure VMs/Storage, GCP Compute/Storage
• Collaboration Tools: Jira, Confluence, Slack, Microsoft Teams

Security-Aware Tools

• Basic Security Scanners: SonarQube, OWASP ZAP, basic vulnerability scanners
• Secret Management: HashiCorp Vault, AWS Secrets Manager, Azure Key Vault
• Container Security: Basic container scanning tools and security practices
• Access Control: Understanding of IAM tools and basic security configurations

DevSecOps Engineer Culture

• Collaboration: Strong ability to work between development and operations teams
• Automation Mindset: Focus on automating repetitive tasks and processes
• Continuous Improvement: Drive for optimizing processes and reducing manual work
• Problem-Solving: Quick troubleshooting and resolution of system issues

Communication & Leadership

• Cross-functional Communication: Effective communication with diverse technical teams
• Documentation: Create clear operational procedures and system documentation
• Mentoring: Guide team members on DevOps best practices and security awareness
• Change Management: Help teams adapt to new processes and tools

Primary DevSecOps Engineer Functions

• Design and maintain CI/CD pipelines for efficient software delivery
• Implement Infrastructure as Code for scalable and repeatable deployments
• Monitor system performance and implement alerting mechanisms
• Automate deployment, scaling, and management of applications
• Manage cloud infrastructure and optimize costs

Security Integration

• Incorporate basic security checks into deployment pipelines
• Implement secure configuration management practices
• Ensure proper access controls and permissions
• Conduct basic security assessments of infrastructure
• Maintain awareness of security best practices in DevOps processes

Operational Excellence

• Ensure high availability and reliability of systems
• Implement disaster recovery and backup strategies
• Optimize system performance and resource utilization
• Manage incident response and system troubleshooting
• Maintain system documentation and runbooks

Certifications (Preferred)

DevSecOps Engineer Certifications

• AWS Certified DevOps Engineer – Professional
• Azure DevOps Engineer Expert
• Google Cloud Professional DevOps Engineer
• Docker Certified Associate
• Certified Kubernetes Administrator (CKA)

Cloud Platform Certifications

• AWS Certified Solutions Architect
• Azure Solutions Architect Expert
• Google Cloud Professional Cloud Architect

Security Awareness Certifications

• CompTIA Security+
• AWS Certified Security – Specialty (beneficial but not required)
• CISSP Associate (entry-level security knowledge)

Experience Requirements

Professional Background

• 3-5 years in software development, system administration, or DevOps
• 2+ years hands-on experience with CI/CD pipeline implementation
• Experience with cloud platforms and infrastructure management
• Background in agile development environments
• Basic understanding of security principles and practices

Project Experience

• Implemented automated deployment pipelines
• Optimized system performance and reliability
• Collaborated on security-conscious development practices

Key Performance Indicators

DevSecOps Engineer Metrics

• Deployment frequency and success rates
• Mean time to recovery (MTTR) from incidents
• Lead time for changes from development to production
• System uptime and availability metrics
• Infrastructure cost optimization

Security-Aware Metrics

• Basic security scan pass rates in pipelines
• Incident response time for security-related issues
• Compliance with basic security configurations
• Security training and awareness completion

Skills Development Focus

Primary Areas (80% focus)

• Advanced automation and scripting
• Cloud platform expertise
• Container orchestration mastery
• Infrastructure optimization
• System reliability engineering

Secondary Areas (20% focus)

• Security best practices integration
• Compliance and governance understanding
• Basic threat assessment capabilities
• Security tool integration
• Risk awareness in operations

We are seeking a highly motivated DevSecOps Engineer with a strong understanding of security principles to contribute to the enhancement of our development and operations processes.
Please note: you must reside in Cape Town for occasional meet ups.