What You’ll Do:
Serve as a key technical advisor for the DevSecOps strategy for the engineering teams.Lead the planning and implementation of a comprehensive DevSecOps roadmap to mature our security posture.Foster a culture of security as a shared responsibility across all engineering teams.Mentor and coach engineers on secure coding practices, threat modeling, and vulnerability management.Design, build, and maintain secure CI/CD pipelines, embedding security controls throughout the SDLC.Lead technical implementation workstreams and mentor engineers on advanced security concepts.Partner with development teams to embed security into engineering culture and processes.Influence without direct authority, driving adoption of secure development practices across teams.Develop and implement automation for security testing, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA).Write secure, scalable, and maintainable code in languages such as Python, Go, or Java to build automation tools and security solutions.Manage and secure infrastructure using Infrastructure as Code (IaC) tools like Terraform or CloudFormation.Conduct threat modeling and risk assessments for new and existing applications.Establish and manage a robust vulnerability management program, prioritizing and tracking the remediation of security findings.Collaborate with engineering teams to integrate security controls into application architectures and designs.Act as the primary point of contact for all security-related matters within the engineering organization.Communicate complex cybersecurity concepts and risks to technical and non-technical stakeholders, including senior leadership.Influence and drive consensus on security priorities and investments.Prepare and present reports on the health of the DevSecOps program, including key metrics and KPIs.Communicate a clear technical vision to executive leadership and cross-functional stakeholders.Champion a security-first mindset while enabling rapid innovation and delivery. What You’ll Need:
Minimum of 7-10 years of experience in software engineering, DevOps, or a related technical role, with a strong focus on cybersecurity.Proven experience in a lead or senior-level role, with a track record of driving large-scale security initiatives.Demonstrated hands-on experience in building and securing CI/CD pipelines and cloud-native applications.Experience working in a hybrid agile & waterfall environment and a deep understanding of the software development lifecycle (SDLC).Proficiency in at least one major programming language (, Python, Go, Java, or similar).Expertise in CI/CD platforms such as Jenkins, or GitHub Actions.Strong knowledge of cloud platforms (Azure, AWS or GCP) and their native security services.Hands-on experience with containerization and orchestration technologies like Docker and Kubernetes.Deep understanding of security tools and practices, including SAST, DAST, SCA, secrets management & scanning.Familiarity with security frameworks and standards (, OWASP Top 10, NIST, ISO 27001).Proficiency with Infrastructure as Code (IaC) tools (, Terraform).Exceptional communication and presentation skills.Strong leadership and mentoring abilities.Excellent problem-solving and critical-thinking skills.Proven ability to influence and collaborate with cross-functional teams and senior management.High degree of adaptability and a continuous learning mindset.Certified Information Systems Security Professional (CISSP) is a plus.Certified DevSecOps Professional (CDP) is a plus.Azure/AWS Certified Security - Specialty or other cloud-specific security certifications are a plus.GIAC certifications (, GCSA, GWEB) are a plus. What We’ll Provide:
Opportunity to work on the cutting edge of digital engineering practicesCollaborative and fast-paced work environmentBe at the forefront of shaping our company's digital future #LI-DNI
#LI-NF1
Please click here Apply, if you are keen to apply for this job.
Thank you for your interest in SP Group.
You will be contacted if you are shortlisted for an interview.