(M/W) DevSecOps Engineer
Version française disponible sur demande.
We are seeking a skilled DevSecOps Engineer to join our dynamic team. In this role, you will be responsible for building and maintaining the tools and infrastructure that support fast and automated software delivery, as well as integrating security practices into our DevOps processes, ensuring that our software is both secure and delivered efficiently. As a DevSecOps Engineer, you will work closely with development and IT teams to support and improve our CI/CD, automate security measures and conduct vulnerability assessments. This role offers the opportunity to make a significant impact on our company’s security posture and contribute to the development of innovative solutions.
Reporting to the Head of Embedded Critical System, the DevSecOps Engineer for Embedded Development will be responsible for the following duties:
- Create, support, maintain, and enhance automated Continuous Integration (CI) pipelines with GitLab and GitLab runner components running within automated builds, static code analysis, software composition analysis, unit, component, and system testing, containerization, and deployment activities
- Design, support, maintain, and upgrade software such as GitLab, CMake, Docker, Conan, various compilers and tools, etc
- Handle configuration management and environment provisioning
- Handle package dependencies and versions (python, conan)
- Optimize build time (cache policy)
- Certificate management (pki infrastructure)
- Integrate security best practices into the DevOps pipeline, ensuring secure software delivery
- Conduct regular vulnerability assessments and provide recommendations for remediation
- Collaborate with development and IT teams to design and implement security solutions
- Automate security processes, including vulnerability scanning and incident response
- Stay up to date with the latest security trends, threats, and technologies
- Respond to security incidents and lead post-incident investigations
- Troubleshoot deployment failures or infrastructure issues
- Collaborate with IT to define and deploy solutions for large data set management (AI training)
- Maintain and propose solution for internal tooling servers logs
- Document processes & development
Qualifications
- Bachelor’s degree in Computer Science, Information Security, or a related field
- Required experience: 5 years proven experience in a DevSecOps or related role in an Embedded Development Context
- Proficiency in security and DevOps tools such as Docker, Conan, GitLab, and security scanning tools
- Strong experience with continuous integration and continuous delivery (CI/CD) pipelines
- Experience with automation and scripting languages (e.g., Python, Bash)
- Understanding of cloud platforms (e.g., AWS) and their security features
- Excellent problem‑solving and analytical skills
Must-Have Skills
- Strong expertise in DevOps and security tools (e.g., GitLab, Docker, Conan)
- Experience with cloud security and cloud platforms (AWS)
- Proficiency in scripting and automation (Python, Bash, etc.)
- Hands‑on experience with vulnerability assessment and penetration testing tools
- Knowledge of security compliance frameworks (e.g., ISO 27001, NIST, GDPR)
Hard Skills
- DevOps and Security Tools: Proficiency in tools such as GitLab, Docker, Conan, and security scanning tools
- Incident Response: Skills in responding to and managing incidents
- Automation: Expertise in automating processes and integrating them into CI/CD pipelines
- Vulnerability Assessment: Experience in identifying and mitigating security vulnerabilities
- Security Integration: Ability to embed security protocols into the DevOps pipeline
- Experience with database is a plus
Soft Skills
- Problem‑Solving: Strong analytical skills to identify and resolve complex issues
- Communication: Clear and effective communication with technical and non‑technical stakeholders
- Attention to Detail: Meticulous approach to identifying and addressing security vulnerabilities
- Collaboration: Ability to work effectively in a team environment and foster a culture of shared responsibility for security