Job Specifications
We're looking for a highly skilled DevSecOps Consultant to embed security into every phase of the software development lifecycle for our client. If you're passionate about securing modern applications, cloud environments, and CI/CD pipelines, and you're excited by the idea of working across development, DevOps, and security, this role offers the perfect blend of challenge and impact.
Your Role & Responsibilities
You'll play a key role in integrating cybersecurity into agile and automated development environments. Your daily missions will include:
Embedding security practices across the SDLC, from design through to production, using automated controls and team training.
Conducting code reviews, security audits, and penetration testing on applications, networks, cloud platforms, and containers to identify and document vulnerabilities.
Implementing and managing CI/CD pipelines that integrate automated security tools (e.g., SAST, DAST, vulnerability scanners).
Designing and applying security policies, secure development guidelines, and compliance frameworks (e.g., GDPR, ISO 27001).
Automating and executing penetration test scenarios to assess real-world resilience.
Supporting development, DevOps, and operations teams through training and awareness on vulnerability detection and remediation.
Drafting detailed reports on attack simulations, vulnerability impact, and remediation plans.
Performing internal and external penetration testing campaigns ethically and in line with current regulations.
Ensuring all testing traces are safely cleaned and alerting relevant teams of any critical security breach.
Technical Skills & Environment
You'll operate in a complex, cloud-native and containerized landscape. Strong knowledge in the following areas is essential:
Development with technologies like .NET, Blazor, NodeJS.
Proficiency in DevOps and automation tools: Git, GitLab CI, Jenkins, Ansible, Terraform, Docker, Kubernetes.
Scripting in Python, Bash, PowerShell for automated security testing and deployment.
Deep knowledge of security testing tools: Burp Suite, OWASP ZAP, Metasploit, Nessus, Nmap.
Strong grasp of application security principles (OWASP Top 10, encryption, authentication, access control, vulnerability management).
Experience with cloud environments (AWS, Azure, GCP) and securing virtualized or containerized systems.
Network protocols, OS-level security (Linux, Windows), and security standards expertise.
Ability to perform advanced risk analysis and leverage open-source intelligence (OSINT).
The Ideal Candidate
You'll thrive in this role if you bring a mix of technical expertise, autonomy, and collaborative spirit. Our client is looking for someone who:
Has at least 3-5 years of experience in application security, DevOps, or software testing.
Demonstrates rigorous attention to detail and prioritizes confidentiality and compliance.
Is proactive, adaptable under pressure, and driven by problem-solving and innovation.
Communicates clearly with both technical and non-technical teams; able to educate others on security best practices.
Is self-motivated, curious, and keeps up with the latest threats and tools in cybersecurity.
Holds (or is working toward) certifications like OSCP, CEH, CISSP, Azure Security, or DevSecOps Foundation.