Piposoft is a talent acquisition agency that specialises in helping companies build stronger teams by sourcing and placing top talent.
Piposoft client a forward-thinking technology company dedicated to building innovative and secure products, is looking for a passionate Junior DevSecOps Engineer to help us build, maintain, and secure our cloud infrastructure and CI/CD pipelines, ensuring that they deliver robust and secure software at speed.
Position Overview
The Junior Dev SecOps Engineer will be a key member of our technology team, bridging the gaps between development, security, and operations. They will be responsible for integrating security practices and tools into every phase of our CI/CD pipeline, automating security controls, and proactively identifying and mitigating vulnerabilities.
The ideal candidate is a security-minded engineer who thrives in a collaborative, fast-paced environment and is passionate about building a culture of security.
Location: Nairobi
Office First with 3 days at the office.
Key Responsibilities
Development & Automation:
- Implement and manage security tools and technologies within the CI/CD pipeline (SAST, DAST, SCA, IAC scanning).
- Automate key security processes, including compliance checks,vulnerability scanning, and incident response.
- Develop scripts and tools (using Python, Bash, PowerShell, etc.) to create solutions that enhance security and operational efficiency.
- Test and validate the security of new systems, applications, and infrastructure before deployment.
Security & Compliance:
- Proactively identify, assess, and remediate security vulnerabilities and potential threats across our cloud and on-premises environments.
- Develop, implement, and maintain security strategies, controls, and governance frameworks.
- Ensure compliance with relevant industry standards and regulations (e.g., SOC 2, ISO 27001, GDPR, HIPAA).
- Promote cybersecurity awareness and best practices across development and operations teams.
Operations & Collaboration:
- Work closely with Software Development, DevOps, and IT Operations teams to ensure seamless and secure operations.
- Monitor the overall health, performance, and security of our network and infrastructure.
- Participate in incident response activities and conduct blameless post-mortems to drive improvements.
- Manage and configure cloud security posture management (CSPM) and cloud workload protection platforms (CWPP).
Must-Have Skills and Qualifications:
- 1+ years of experience in a Dev SecOps, Security Engineering, or DevOps role with a strong security focus.
- Solid grasp of core security concepts (CIA triad, threat modeling, zero trust).
- Strong understanding of the entire Software Development Lifecycle (SDLC) and Agile methodologies.
- Proficiency in at least one programming language such as Python, Java, or Go and scripting with Bash or PowerShell.
- Hands-on experience with CI/CD tools (e.g., Jenkins, GitLab CI, GitHub Actions, Circle CI) and integrating security tools into them.
- Deep familiarity with cloud platforms (AWS, Azure, or GCP) and their native security tools.
- Experience with Infrastructure as Code (IaC) tools like Terraform or CloudFormation and their security scanning.
- Knowledge of containerization (Docker) and orchestration technologies (Kubernetes) and their security best practices.
- Excellent problem-solving, analytical, and communication skills.