DevSecOps Engineer (

About Jobgether

Jobgether is a platform that connects job seekers with remote job opportunities.

Job Summary

We are currently looking for a DevSecOps Engineer in Finland. In this role, you will be at the forefront of security, reliability, and DevOps, designing and implementing resilient cloud infrastructure and CI/CD pipelines.

Key Responsibilities

• Embed security into CI/CD pipelines, including Infrastructure as Code scanning, secrets management, Software Composition Analysis, policy-as-code, and deployment guardrails.
• Automate vulnerability management, patching, and remediation across cloud and containerized workloads.
• Harden cloud and Kubernetes environments through secure configurations, network segmentation, and workload identity management.
• Advance supply chain security by managing SBOMs, artifact signing, and dependency governance.
• Develop secure deployment patterns, including canary rollouts, safe rollbacks, and guardrails to minimize impact.
• Conduct security design reviews and threat modeling for new services and major architecture changes.
• Strengthen identity and access management practices, enforcing least privilege and secure secrets lifecycle.
• Support compliance and audit readiness by operationalizing controls and maintaining documentation.
• Partner with engineering teams to champion secure coding practices and risk-based decision-making.
• Define and report key security KPIs, driving continuous improvement across infrastructure and platform security.

Requirements

• 5+ years of experience in DevSecOps, security engineering, or cloud security within modern cloud-native environments.
• Hands-on experience with cloud service providers (AWS, GCP, or Azure), Kubernetes, Terraform, and container security.
• Strong knowledge of secure CI/CD practices, including IaC security, dependency scanning, secrets management, and policy-as-code.
• Experience automating vulnerability and patch management workflows.
• Proficiency in scripting/programming (Python, Go, or similar) for security tooling and automation.
• Solid understanding of identity and access management concepts.
• Familiarity with detection engineering, logging, telemetry, and incident response processes.