DevSecOps Engineer

Position Overview

We are seeking an experienced Dev Sec Ops  with Observability Engineer to join our team and drive the implementation of secure, scalable, and comprehensively observable cloud infrastructure. The successful candidate will be responsible for building and maintaining CI/CD pipelines, implementing security controls throughout the development lifecycle, and establishing enterprise‑grade observability practices that provide deep insights into system performance, security posture, and operational health across our entire technology stack.

• Infrastructure & Cloud Management Design, implement, and maintain cloud infrastructure on AWS using Infrastructure as Code principles.
• Manage containerisedapplications using Amazon EKS and ensure optimal performance, security, and cost efficiency.
• Collaborate with development teams to architect scalable solutions thatmeet both functional and non-functional requirements whilst embedding observabilityfrom the ground up.
• Security Controls Implementation Implement and maintain security controls throughout the development lifecycle, from code commit to production deployment.
• Integrate automated security testing, static and dynamic code analysis, andvulnerability scanning into CI/CD pipelines.
• Establish security gates and approvalprocesses that prevent vulnerable code from reaching production environments.
• Develop and enforce security policies for container images, infrastructureconfigurations, and application deployments with comprehensive securityobservability.
• Advanced Monitoring & Observability Design and implement enterprise-gradeobservability solutions using ELK Stack or Prometheus‑Grafana to provide comprehensive insights into system performance, security events, and operational health.
• Architect distributed tracing solutions using Open Telemetry to monitorapplication performance across complex microservices architectures and troubleshoot issues with precision.
• Create sophisticated dashboards, alerts, and reporting mechanisms that provide actionable insights to stakeholders whilst ensuring securityevents, performance anomalies, and operational issues are proactively identified andinvestigated.
• Implement observability‑driven incident response and post‑mortemprocesses.
• CI/CD Pipeline Management Build, maintain, and optimise CI/CD pipelines using
  
  GitLab Runners to enable rapid, reliable, and secure software delivery.
• Embed securitycontrols and observability instrumentation at every stage of the pipeline including pre‑commit hooks, automated security testing, compliance checks, and deploymentvalidation.
• Implement automated testing, security scanning, and deploymentprocesses that support continuous integration and deployment practices whilst maintaining zero‑trust security principles and comprehensive pipeline observability.
• Infrastructure as Code & Policy as Code Implementation Leverage Infrastructure asCode tools, particularly Terraform, to automate infrastructure provisioning and management with built‑in security controls, compliance checks, and observabilityinstrumentation.
• Implement Policy as Code frameworks to codify governance,compliance, and security policies that are automatically enforced across allinfrastructure deployments.
• Develop custom automation scripts and tools to streamline operational processes whilst ensuring security standards and observabilityrequirements are maintained.
• Integrate and utilise GenAI‑based coding agents toenhance development productivity and code quality, implementing appropriate securityguardrails and observability for AI‑assisted development.
• Observability Strategy & Implementation Develop and execute comprehensiveobservability strategies that encompass metrics, logs, traces, and events across theentire application and infrastructure stack.
• Implement service level objectives (SLOs) and service level indicators (SLIs) to measure and improve system reliability.
• Design and maintain observability platforms that support real‑time monitoring, historical analysis,and predictive insights for both operational and security use cases.

• Extensive experience with AWS cloud services and architecture patterns
• Strong proficiency in Terraform for Infrastructure as Code implementation,including advanced features such as modules, work spaces, and statemanagement
• Deep hands‑on experience with ELK Stack (Elasticsearch, Logstash, Kibana) or Grafana for monitoring, visualisation, and observability
• Strong knowledge of Amazon EKS and container orchestration with observabilitybest practices
• Advanced experience implementing observability solutions and distributedtracing with Open Telemetry across complex distributed systems
• Proficiency with Git Lab or Git Hub for version control and CI/CD pipelinemanagement
• Experience with GenAI‑based coding agents and AI‑assisted development tools