Specialist: Devsecops

**When it comes to putting people first, we're number 1.**

The number 1 Top Employer in South Africa.
Certified by the Top Employer Institute 2025.

**Role Purpose/Business Unit**:
The primary purpose of the role is the implementation and continuous improvement of the DevSecOps programme within Vodacom South Africa, ensuring alignment with the Cyber Health and Adaptive Risk Method (CHARM) control 14.2.5-A DevSecOps. In this role you will work within a team of DevSecOps professionals and collaborate with Secure by Design, Security and Enterprise Architecture and DevOps Teams to:

- Implement, operation and ongoing improvement of the DevSecOps Security Chapter and Champions model across technology Development teams to create the cultural shift that will underpin the DevSecOps capability.
- Implement automated scanning tools including SAST, SCA, DAST, and secret scanning and other more advanced security scanning capabilities.
- Assist with the standardization and security approval of CI/CD toolchains, ensuring all development tools are compliant with policy, SPDA approved and integrated with ASPM (Application security Posture Management) tool and DevSecOps processes.

This role will involve working with Busines unit, Cyber and IT stakeholders in Vodacom South Africa to implement and operate Cyber Security DevSecOps CHARM requirements - Some of these responsibilities may extend to collaboration with Group Cyber Security and other operating companies to ensure that cyber security controls are consistently applied across markets.

**Your responsibilities will include**:
**Culture - Security Champions Programme**
- Implementation and ongoing management and improvement of the Security Chapter and Champions programme across technology teams.
- Ensure every agile DevOps/DevSecOps team has appointed Chapter Leads and Security Champions.
- Collaborate with DevSecOps Specialists and provide guidance to Cyber Security Officers to ensure they support Chapter Leads and Champions effectively.
- Facilitate completion and ongoing re-evaluation of DevSecOps Maturity across DevSecOps teams.
- Drive completion of DevSecOps Learning Pathway for all Chapter Leads and Champions.
- Facilitate monthly Chapter meetings and feedback sessions to track progress and maturity.
- Promote a culture of security awareness and collaboration across teams.
- Track and report on the effectiveness of the Champions model and identify areas for improvement.
- Support the creation and maintenance of training materials and structured learning paths.

**Security-approved CI/CD Toolchain**
- Drive the migration to a standardised CI/CD pipeline using an Enterprise selected and security approved toolset in collaboration with Enterprise Architecture and Platform Engineering.
- Discover, Identify and record all DevSecOps tooling being used by Development Teams across the organisation.
- Maintain an inventory of tools used across teams and ensure compliance with security policies.
- Collaborate with Platform Engineering, Enterprise Architecture, Cybersecurity and Development Teams to embed security controls in the pipeline and design secure SDLC patterns.
- Identified and Discovered DevSecOps tooling should be integrated with ASPM tooling and channelled through SPDA, where applicable or retired for teams to move to approved tooling.
- Ensure security assessments are passed to and conducted by the Secure by Design on CI/CD pipelines to meet CHARM 14.2.5-A requirements.
- Provide guidance on secure tool usage and integration across development environments.

**Automated Scanning, Remediating, and Reporting of Vulnerabilities**
- Assist with the implementation of automated scanning tools including SAST, SCA, DAST, and secret scanning.
- Support the rollout of scanning capabilities and ensure coverage across all teams.
- Collaborate with teams to define and implement vulnerability management processes.
- Develop and maintain real-time/near real-time vulnerability dashboards.
- Work with Chapter Leads and Champions to continuously improve security posture and maturity.
- Align vulnerability remediation with DevSecOps maturity to target a state where critical and high vulnerabilities are remediated prior to code release into production environments.
- Track vulnerability debt and ensure reduction targets are met.
- 3-year Technical Diploma/Degree in Information Security, Computer Science or Engineering
- Minimum of 3-5 years of experience in Cyber Security role
- Knowledge of common information technology management / compliance frameworks such as ISO/IEC 27001, NIST CSF, ISF, PCI DSS, OWASP, SANS etc.
- A deep understanding of Technology Security risks and mitigating solutions
- A diverse security background with knowledge and experience in three or more of the Security Domains including: Security Assessment and Testing; Software Development Security; Security Governance and Risk Management; Security Architecture and Engineering; Communication and Network Securit