Role Overview
The Senior/Lead DevSecOps Engineer is a hands-on technical leader responsible for embedding a security-first mindset throughout the software development lifecycle. This role blends deep expertise in security, development, and operations to drive adoption of DevSecOps practices across engineering teams.
The successful candidate will design, implement, and automate security controls that protect critical applications and infrastructure while ensuring development agility. Experience working in regulated industries, particularly banking or financial services, is a strong advantage.
Key Responsibilities
A. DevSecOps Strategy and Implementation
Secure CI/CD Pipelines: Design, build, and maintain automated, secure CI/CD pipelines with integrated security testing and validation tools.
Infrastructure as Code (IaC) Security: Define and enforce security standards in IaC using tools like Terraform or CloudFormation. Implement automated scanning and compliance validation.
Secrets Management: Deploy and manage secure systems for secrets, keys, and credentials (e.g., HashiCorp Vault, AWS/Azure Secrets Manager).
Security Automation: Automate security-related processes such as configuration management, vulnerability scanning, patching, and compliance verification.
B. Security Governance and Compliance
Regulatory Alignment: Ensure all practices and systems comply with relevant standards such as PCI DSS, SOC 2, NIST, GDPR, and internal audit or risk frameworks.
Threat Modeling and Risk Assessment: Lead proactive threat modeling early in the SDLC to identify and mitigate potential vulnerabilities.
Continuous Monitoring: Implement and maintain continuous monitoring, logging, and alerting using SIEM and related tools to detect and respond to threats in real time.
C. Collaboration, Mentorship, and Incident Support
Cross-Functional Collaboration: Work closely with Development, Operations, and Security teams to ensure a shared understanding of security ownership.
Mentorship: Coach and train engineers on secure coding practices, DevSecOps principles, and integrated security tooling.
Incident Response: Support the SOC during security incidents, providing deep technical expertise for containment, root cause analysis, and automated remediation.
Senior Engineer • Taguig, National Capital Region, PH