DevSecOps Engineer

This position is posted by Jobgether on behalf of a partner company. We are currently looking for a DevSecOps Engineer in Spain.

This is an exciting opportunity for a security-focused engineer to contribute to the development of secure, scalable, and automated cloud infrastructure within a fast-growing international technology environment. In this role, you will work at the intersection of security, development, and operations, helping integrate security best practices into modern engineering workflows and CI/CD pipelines. You will collaborate closely with cross-functional teams to strengthen infrastructure security, automate vulnerability detection, and improve system resilience across cloud-native environments. The position offers exposure to cutting-edge DevSecOps practices, infrastructure automation, and large-scale distributed systems in a fully remote and collaborative culture. This role is ideal for professionals passionate about security automation, cloud technologies, and building reliable systems that support global products and users.

• Design, implement, and maintain automated security tools and processes integrated into CI/CD pipelines.
• Develop and manage security automation workflows, including static code analysis, vulnerability scanning, and infrastructure security assessments.
• Collaborate with infrastructure and operations teams to design secure cloud architectures, deployment processes, and network configurations.
• Implement and maintain security monitoring, intrusion detection, logging, and observability solutions to proactively identify and respond to threats.
• Support the implementation of secure access controls, encryption mechanisms, firewall configurations, and web application firewall (WAF) policies.
• Work closely with development, operations, and security teams to embed security requirements throughout the software development lifecycle.
• Conduct infrastructure and configuration reviews to identify and remediate security vulnerabilities and compliance gaps.
• Assist with security audits, compliance assessments, and documentation processes related to industry standards and regulatory requirements.
• Contribute to incident response planning, risk assessments, and continuous improvement of security practices across engineering environments.

Requirements:

• Minimum 3 years of experience in Security, SecOps, or DevSecOps roles within modern engineering environments.
• Hands-on experience identifying and remediating infrastructure misconfigurations using policy-as-code and IaC security scanning tools such as Checkov, tfsec, or Terrascan.
• Knowledge of cloud infrastructure, CI/CD pipelines, infrastructure automation, and containerized environments such as Docker and Kubernetes.
• Basic programming or scripting experience with JavaScript, TypeScript, Python, or similar languages.
• Experience managing version control systems and implementing secure deployment workflows.
• Familiarity with WAF and firewall configuration management, including platforms such as Cloudflare or equivalent technologies.
• Strong understanding of security principles, secure coding practices, OWASP Top 10 vulnerabilities, encryption, authentication, and access control.
• Experience with security monitoring tools, SAST/DAST scanners, vulnerability management platforms, and log analysis solutions.
• Knowledge of threat modeling, risk assessment methodologies, vulnerability remediation, and incident response processes.
• Excellent collaboration and communication skills with the ability to work effectively across development, operations, and security teams.
• Relevant security certifications are considered an advantage.

Benefits:

• Fully remote work environment with flexibility across supported regions.
• Competitive compensation package with potential stock grant opportunities depending on role and location.
• Access to country-specific perks and employee benefits programs.
• Optional coworking access through WeWork locations.
• Opportunity to work on large-scale global infrastructure and modern cloud-native security environments.
• Exposure to advanced DevSecOps methodologies, automation frameworks, and security technologies.
• Collaborative and inclusive culture focused on innovation, continuous learning, and career growth.
• Opportunity to contribute to products and systems supporting a globally distributed workforce.