Devsecops Engineer

Digitas Liquorice is the Connected Marketing agency, built on the principle that there are better ways for brands to connect with people. We leverage comprehensive data, technology, creative, media and strategy capabilities to deliver Media‑Fueled Creativity via connected Solutions that include Connected Campaigns, Social Marketing, Brand Experience, CRM & Loyalty, and Marketing Transformation. Digitas Liquorice South Africa has Head Offices in JHB and CT with over Unicorns delivering connected end‑to‑end solutions for our clients across SSA. Visit for more about us and what we do. We are also connected to Digitas Unicorns across over 30 countries and 50 offices around the world. Overview We are seeking a highly skilled DevSecOps Engineer to join our team in South Africa. The ideal candidate will be responsible for integrating security best practices into the software development lifecycle (SDLC) across multi‑cloud environments (Azure, GCP, AWS). They will work closely with development, operations, and security teams to ensure the secure, efficient, and continuous delivery of applications. This role requires strong expertise in Infrastructure as Code (IaC), automation, orchestration tools, and golden image management. The successful candidate will enhance security‑by‑design principles within CI / CD pipelines, implement OWASP Top 10 security measures, and enforce cloud‑native security best practices within fintech regulatory frameworks in South Africa. Responsibilities Cloud Security & Compliance Secure multi‑cloud environments (Azure, AWS, GCP) by implementing security automation and monitoring tools. Ensure compliance with financial security regulations (POPIA, PCI‑DSS, ISO, SOC 2). Conduct cloud security risk assessments and enforce security guardrails to prevent misconfigurations. Implement Zero Trust Security principles for IAM, RBAC, and secure access controls. CI / CD Security & Automation Design and integrate secure CI / CD pipelines, incorporating automated security testing (SAST, DAST, IAST). Implement secrets management, artifact integrity validation, and secure containerisation strategies. Automate security scans for vulnerabilities, dependencies and misconfigurations in Terraform, CloudFormation and Kubernetes manifests. Infrastructure as Code (IaC) & Orchestration Implement and manage IaC frameworks using Terraform, Ansible, Puppet and CloudFormation. Automate provisioning of Kubernetes clusters (EKS, AKS, GKE) and containerised workloads. Manage Docker, ECS and Kubernetes (EKS, GKE, AKS) security, ensuring adherence to best practices. Enforce immutable infrastructure principles through golden image management and automated patching strategies. Golden Image Management & Compliance Develop, maintain and enforce golden images for VMs, containers and cloud workloads. Automate image hardening using tools like Packer, CIS Benchmarks and OSSEC. Ensure compliance of golden images with security baselines and regulatory standards. Threat Detection & Response Implement SIEM / SOAR solutions for cloud‑native security monitoring and automated response. Identify, assess and remediate vulnerabilities using OWASP Top 10 and SANS 25 methodologies. Secure APIs using OAuth, JWT, OpenID Connect and enforce WAF security rules. Collaboration & Training Work closely with DevOps, Security and Engineering teams to embed security within the SDLC. Conduct secure coding and DevSecOps best practices training for developers and engineers. Advocate for "Shift Left Security" by integrating security from the earliest stages of development. Daily Duties Automate security hardening for cloud, infrastructure and applications. Monitor and maintain secure multi‑cloud environments (Azure, AWS, GCP). Enhance and secure CI / CD pipelines by integrating automated security testing tools. Perform vulnerability scanning, penetration testing and security incident analysis. Develop and maintain golden images for infrastructure and applications. Optimize Kubernetes security using RBAC, Pod Security Policies (PSP), Network Policies. Automate patch management and enforce container image scanning in Docker, EKS and ECS. Stay updated with emerging threats, security trends and DevSecOps innovations. Qualifications Must‑Have : 5-6+ years of experience in DevSecOps, Cloud Security or DevOps with a security focus. Expertise in Azure, AWS and GCP security services (e.g., AWS Security Hub, Azure Security Centre, GCP Security Command Centre). Strong knowledge of CI / CD tools (Jenkins, GitLab CI / CD, GitHub Actions, Azure DevOps). Proficiency in Infrastructure as Code (IaC) (Terraform, CloudFormation, Puppet, Ansible). Hands‑on experience with containerisation and orchestration (Docker, Kubernetes, EKS, ECS, GKE, AKS). Strong understanding of OWASP Top 10, SAST, DAST, IAST, API security best practices. Experience implementing secrets management (Vault, AWS Secrets Manager, Azure Key Vault). Proficiency in SIEM / SOAR platforms for security monitoring and incident response. Knowledge of Zero Trust security models, IAM, RBAC and secure networking. Nice‑to‑Have : Certifications such as AWS Security Specialty, Azure Security Engineer, Google Professional Cloud Security Engineer, CISSP, CISM, CEH. Experience in fintech security regulations (PCI‑DSS, SOC 2, ISO, POPIA). Familiarity with DevSecOps frameworks (NIST, CSA Cloud Controls Matrix, MITRE ATT&CK). Knowledge of blockchain security or smart contract security is a plus. Additional information Why Join Us? Work in a high impact fintech company shaping the future of digital finance in South Africa. Cutting‑edge technology stack leveraging cloud‑native security automation. Career growth opportunities with training, certifications and mentorship. Competitive salary & benefits tailored for top security professionals. Flexible work arrangements (remote / hybrid options available). #J-18808-Ljbffr