Devsecops

Medi2data, Cape Town, Western Cape, South Africa

DevSecOps Engineer

We are seeking a skilled DevSecOps Engineer to join our dynamic team.

In this role, you will integrate security practices into our DevOps processes, ensuring that our software is secure and delivered efficiently.

You will work closely with development, operations, and security teams to automate security measures, conduct vulnerability assessments, and respond to security incidents in real-time.

This role offers the opportunity to make a significant impact on Medi2data's security posture and contribute to innovative solutions.

We're a team of passionate primary care specialists, medics, data informatics, and industry experts who have come together to create simple, intuitive technologies that revolutionise how medical data is digitally reported and transacted.

The role is full-time with a market-competitive package.

It will be heavily involved in our in-house development team and responsible for maintaining best practices and standards in software engineering while working with the Head of Development, Product team, internal engineers, and development partners to drive high-quality programming and technical solutions.

We have several in-house platforms, including a Django web app managed with Terraform in GCP, an internal and external REST API, and support for static portals using CloudFront and Lambdas.

As we launch the next iteration of automating and using AI for classification of medical data and evidence gathering, we're looking for a senior engineer to own platform security end-to-end : from guardrails in Terraform and CI / CD to runtime controls in Kubernetes, WAF at the edge, and audit-ready evidence for ISO / NHS DSPT / UK-GDPR.

• Bachelor's degree in Computer Science, Information Security, or a related field or equivalent experience.
• Proven experience in a DevSecOps or related role.
• Proficiency in security and DevOps tools such as GitHub Actions, Docker, Kubernetes, and security-scanning tools.
• Strong understanding of cloud platforms and platform engineering in general (preferably GCP) and their security features.
• Experience with automation and scripting languages (e.g., Python, Zsh, Bash).
• Familiarity with CI / CD pipelines, particularly ArgoCD.
• Excellent problem-solving and analytical skills.
• Strong communication and leadership abilities.

• Integrate security best practices into the DevOps pipeline, focusing on OWASP Top 10.
• Conduct regular vulnerability assessments and provide remediation recommendations.
• Collaborate with external audit teams and coordinate fixes of findings.
• Collaborate with dev, ops, and security teams to design and implement security solutions.
• Automate security processes, including vulnerability scanning, disaster recovery, and incident response.
• Apply threat-modelling, attack‑vector analysis, and security design reviews.
• Monitor security metrics and prepare reports for stakeholders.
• Stay updated on the latest security trends, threats, and technologies.
• Respond to security incidents and lead post‑incident investigations.
• Provide training and guidance on security best practices.

• Leadership – guide and mentor cross‑functional teams in security practices.
• Problem‑solving – identify and resolve complex security issues.
• Communication – clear and effective communication with technical and non‑technical stakeholders.
• Attention to detail – meticulous in identifying and addressing vulnerabilities.
• Collaboration – work effectively in a team environment and foster shared responsibility.

• 5+ years in cloud / K8s platform roles with 2+ years focused on security.
• Terraform at scale (modules, workspaces), plus policy‑as‑code.
• CI / CD experience (GitHub Actions / GitLab CI / Bitbucket Pipelines).
• Kubernetes runtime security : admission controllers, network policies, pod security, image provenance, secrets, PSP / PSS equivalents.
• WAF ownership and HTTP security hardening.
• Evidence‑oriented workstyle for ISO / NHS DSPT / UK‑GDPR.
• Strong written communication; influence guardrails without blocking delivery.

• Understanding of AI security attack vectors.
• Experience with NHS ecosystems (IM1 Pairing, UK‑Core FHIR).
• Datadog logging / metrics, custom detectors, and cost‑aware log pipelines.

Mid‑Senior level

Full‑time

Software Development

Referrals increase your chances of interviewing at Medi2data by 2×

#J Ljbffr