Devsecops Engineer

Digitas Liquorice is the Connected Marketing agency, built on the principle that there are better ways for brands to connect with people.

We leverage comprehensive data, technology, creative, media and strategy capabilities to deliver Media‑Fueled Creativity via connected Solutions that include Connected Campaigns, Social Marketing, Brand Experience, CRM & Loyalty, and Marketing Transformation.

Digitas Liquorice South Africa has Head Offices in JHB and CT with over Unicorns delivering connected end‑to‑end solutions for our clients across SSA.

Visit for more about us and what we do.

We are also connected to Digitas Unicorns across over 30 countries and 50 offices around the world.

We are seeking a highly skilled Dev Sec Ops Engineer to join our team in South Africa.

The ideal candidate will be responsible for integrating security best practices into the software development lifecycle (SDLC) across multi‑cloud environments (Azure, GCP, AWS).

They will work closely with development, operations, and security teams to ensure the secure, efficient, and continuous delivery of applications.

This role requires strong expertise in Infrastructure as Code (Ia C), automation, orchestration tools, and golden image management.

The successful candidate will enhance security‑by‑design principles within CI / CD pipelines, implement OWASP Top 10 security measures, and enforce cloud‑native security best practices within fintech regulatory frameworks in South Africa.

Secure multi‑cloud environments (Azure, AWS, GCP) by implementing security automation and monitoring tools.

Ensure compliance with financial security regulations (POPIA, PCI‑DSS, ISO , SOC 2).

Conduct cloud security risk assessments and enforce security guardrails to prevent misconfigurations.

Implement Zero Trust Security principles for IAM, RBAC, and secure access controls.

Design and integrate secure CI / CD pipelines, incorporating automated security testing (SAST, DAST, IAST).

Implement secrets management, artifact integrity validation, and secure containerization strategies.

Automate security scans for vulnerabilities, dependencies, and misconfigurations in Terraform, Cloud Formation, and Kubernetes manifests.

Implement and manage Ia C frameworks using Terraform, Ansible, Puppet, and Cloud Formation.

Automate provisioning of Kubernetes clusters (EKS, AKS, GKE) and containerized workloads.

Manage Docker, ECS, and Kubernetes (EKS, GKE, AKS) security, ensuring adherence to best practices.

Enforce immutable infrastructure principles through golden image management and automated patching strategies.

Develop, maintain, and enforce golden images for VMs, containers, and cloud workloads.

Automate image hardening using tools like Packer, CIS Benchmarks, and OSSEC.

Ensure compliance of golden images with security baselines and regulatory standards.

Implement SIEM / SOAR solutions for cloud‑native security monitoring and automated response.

Identify, assess, and remediate vulnerabilities using OWASP Top 10 and SANS 25 methodologies.

Secure APIs using OAuth, JWT, Open ID Connect, and enforce WAF security rules.

Work closely with Dev Ops, Security, and Engineering teams to embed security within the SDLC.

Conduct secure coding and Dev Sec Ops best practices training for developers and engineers.

Advocate for "Shift Left Security" by integrating security from the earliest stages of development.

Automate security hardening for cloud, infrastructure, and applications.

Monitor and maintain secure multi‑cloud environments (Azure, AWS, GCP).

Enhance and secure CI / CD pipelines by integrating automated security testing tools.

Perform vulnerability scanning, penetration testing, and security incident analysis.

Develop and maintain golden images for infrastructure and applications.

Optimize Kubernetes security using RBAC, Pod Security Policies (PSP), Network Policies.

Automate patch management and enforce container image scanning in Docker, EKS, and ECS.

Stay updated with emerging threats, security trends, and Dev Sec Ops innovations.

5‑6+ years of experience in Dev Sec Ops, Cloud Security, or Dev Ops with a security focus.

Expertise in Azure, AWS, and GCP security services (e.g., AWS Security Hub, Azure Security Center, GCP Security Command Center).

Strong knowledge of CI / CD tools (Jenkins, Git Lab CI / CD, Git Hub Actions, Azure Dev Ops).

Proficiency in Infrastructure as Code (Ia C) (Terraform, Cloud Formation, Puppet, Ansible).

Hands‑on experience with containerization and orchestration (Docker, Kubernetes, EKS, ECS, GKE, AKS).

Strong understanding of OWASP Top 10, SAST, DAST, IAST, API security best practices.

Experience implementing secrets management (Vault, AWS Secrets Manager, Azure Key Vault).

Proficiency in SIEM / SOAR platforms for security monitoring and incident response.

Knowledge of Zero Trust security models, IAM, RBAC, and secure networking.

Nice‑to‑Have Certifications such as AWS Security Specialty, Azure Security Engineer, Google Professional Cloud Security Engineer, CISSP, CISM, CEH.

Experience in fintech security regulations (PCI‑DSS, SOC 2, ISO , POPIA).

Familiarity with Dev Sec Ops frameworks (NIST , CSA Cloud Controls Matrix, MITRE ATT&CK).

Knowledge of blockchain security or smart contract security is a plus.

Work in a high impact fintech company shaping the future of digital finance in South Africa.

Cutting‑edge technology stack leveraging cloud‑native security automation.

Career growth opportunities with training, certifications, and mentorship.

Competitive salary & benefits tailored for top security professionals.

Flexible work arrangements (remote / hybrid options available).