DevSecOps Engineer

2 people

Job description

As a DevSecOps Engineer at UNEY, you will work closely with development, operations, and security teams to design, implement, and maintain secure and compliant CI/CD pipelines and infrastructure. Your main scope will be included but not limited to:

  • Collaborate with development, operations, and security teams to integrate security best practices into our DevOps processes and workflows.
  • Implement and automate security controls and compliance checks throughout the development and deployment lifecycle.
  • Design and implement secure CI/CD pipelines for building, testing, and deploying software, incorporating security testing tools such as SAST, DAST, and IAST.
  • Implement and manage infrastructure as code (IaC) using tools such as Terraform, CloudFormation, or Ansible, ensuring security best practices are followed.
  • Automate security scanning and vulnerability management processes for applications, containers, and cloud resources.
  • Implement and manage security monitoring, logging, and alerting systems to detect and respond to security incidents.
  • Conduct security assessments and penetration testing of applications, infrastructure, and cloud environments.
  • Ensure compliance with industry standards and regulations such as GDPR, HIPAA, PCI-DSS, and SOC 2.
  • Provide guidance and support to development and operations teams on secure coding practices, security tools, and security best practices.
  • Stay up-to-date with emerging security threats, vulnerabilities, and best practices, and implement appropriate measures to mitigate risks.


  • Bachelor's or Master's degree in Computer Science, Software Engineering, Information Security, or a related field.
  • Proven experience as a DevSecOps Engineer or similar role, with a strong background in software development, operations, and security.
  • Proficiency in scripting and programming languages such as Python, Bash, or Go.
  • Experience with cloud platforms such as AWS, Azure, or Google Cloud Platform, including hands-on experience with security services and controls.
  • Experience with CI/CD tools such as Jenkins, GitLab CI/CD, or CircleCI, and version control systems such as Git.
  • Experience with infrastructure as code (IaC) tools such as Terraform, CloudFormation, or Ansible, and containerization technologies such as Docker and Kubernetes.
  • Strong understanding of security principles, standards, and best practices, including OWASP Top 10, CIS Benchmarks, and NIST Cybersecurity Framework.
  • Experience with security testing tools such as static analysis (SAST), dynamic analysis (DAST), and interactive analysis (IAST) tools.
  • Experience with security monitoring and logging tools such as SIEM, IDS/IPS, and security information and event management (SIEM) systems.
  • Excellent problem-solving skills and the ability to troubleshoot complex technical issues.
  • Strong communication and collaboration skills, with the ability to work effectively in a cross-functional team environment.

What services are you interested in from us?