DevSecOps Engineer

DevSecOps Engineer Location: Cape Town, Western Cape, South Africa Employment type: Full-time Seniority level: Mid‑Senior level Job function: Engineering and Information Technology About the Company: We’re a team of passionate primary care specialists, medics, data informatics and industry experts who have come together to create simple, intuitive technologies which revolutionise how medical data is digitally reported and transacted. Overview: We are seeking a skilled DevSecOps Engineer to join our dynamic team. In this role, you will be responsible for integrating security practices into our DevOps processes, ensuring that our software is both secure and delivered efficiently. You will work closely with development, operations, and security teams to automate security measures, conduct vulnerability assessments, and respond to security incidents in real‑time. This role offers the opportunity to make a significant impact on our company's security posture and contribute to the development of innovative solutions. Requirements: Bachelor’s degree in Computer Science, Information Security, or a related field or equivalent experience/qualifications. Proven experience in a DevSecOps or related role. Proficiency in security and DevOps tools such as GitHub Actions, Docker, Kubernetes, and security scanning tools. Strong understanding of cloud platforms and platform engineering in general (preferably GCP as this is our main provider) and their security features. Experience with automation and scripting languages (e.g., Python, Zsh, Bash). Familiarity with continuous integration and continuous delivery (CI/CD) pipelines, particularly ArgoCD. Excellent problem‑solving and analytical skills. Strong communication and leadership abilities. Responsibilities: Integrate security best practices into the DevOps pipeline, ensuring secure software delivery particularly related to the OWASP top 10. Conduct regular vulnerability assessments and provide recommendations for remediation. Collaborate with external security audit teams and coordinate the fixes of findings. Collaborate with development, operations, and security teams to design and implement security solutions. Automate security processes, including vulnerability scanning, disaster recovery and incident response. Strong understanding of attack vectors, threat modelling and security design reviews. Monitor security metrics and prepare reports for stakeholders. Stay up‑to‑date with the latest security trends, threats, and technologies. Respond to security incidents and lead post‑incident investigations. Provide training and guidance to team members on security best practices. Must‑Have Skills Soft Skills Leadership: Ability to guide and mentor cross‑functional teams in security practices. Problem‑Solving: Strong analytical skills to identify and resolve complex security issues. Communication: Clear and effective communication with technical and non‑technical stakeholders. Attention to Detail: Meticulous approach to identifying and addressing security vulnerabilities. Collaboration: Ability to work effectively in a team environment and foster a culture of shared responsibility for security. Hard Skills 5+ years in cloud/K8s platform roles with 2+ years focused on security. Terraform at scale (modules, workspaces), plus policy‑as‑code. CI/CD experience (GitHub Actions/GitLab CI/Bitbucket Pipelines). Kubernetes runtime security (admission controllers, network policies, pod security, image provenance, secrets, PSP/PSS equivalents). WAF ownership and HTTP security hardening experience. Evidence‑oriented workstyle for ISO 27001 / NHS DSPT / UK‑GDPR. (You don’t need to be a compliance officer, but you know how to turn controls into audit artefacts.) Strong written communication; ability to influence and set guardrails without blocking delivery. Nice‑To‑Have Skills Understanding of AI security attack vectors Experience with NHS ecosystems (IM1 Pairing, UK‑Core FHIR) Datadog Logging/metrics, custom detectors, and cost‑aware log pipelines. Referrals increase your chances of interviewing at Medi2data by 2x #J-18808-Ljbffr