About the job Senior Cloud Security & DevSecOps Manager

Job Title: DevSecOps Manager

Location: Midrand - Hybrid

Duration: 12 months

Role Summary

  • This senior role drives secure, automated, and compliant cloud-native delivery while managing monitoring/alerting, penetration testing programs, vulnerability management, and broader cybersecurity initiatives.
  • You will lead a team of DevSecOps engineers, foster a security-by-design culture, and enable the business to innovate rapidly in a regulated South African and global context.

Key Responsibilities

DevOps

  • Provision and manage cloud infrastructure as code (Terraform, Ansible, CloudFormation) on AWS, Azure, or GCP.

  • Implement containerization and orchestration (Docker, Kubernetes, Helm) for consistent environments.

  • Automate repetitive tasks, reduce toil, and improve developer experience through self-service tools.

  • Collaborate with software developers, QA, and security teams to embed DevOps practices (shift-left security, automated testing).

  • Perform root-cause analysis on production issues, implement fixes, and drive continuous improvement.

  • Participate in on-call rotations and incident response.

Leadership & Team Management

  • Lead, mentor, and develop a high-performing team of DevOps, SRE, and security engineers.

  • Mentor junior engineers and promote a culture of automation and shared ownership
  • Champion DevSecOps practices and culture across Development, Operations, Security, and Compliance teams.
  • Define and track KPIs: vulnerability remediation time, security gate pass rate, MTTR, deployment frequency, and alert reduction.

AWS Cloud Environment Management & Security

  • Design, implement, and govern secure AWS architectures (multi-account landing zones via Control Tower, VPCs, EKS, Lambda, RDS, etc.) using Infrastructure as Code (Terraform, AWS CloudFormation, CDK).

  • Enforce least-privilege IAM, encryption (KMS), secrets management, network security, and data sovereignty for POPIA compliance.

  • Leverage AWS-native services: Amazon Inspector, GuardDuty, Security Hub, Config, IAM Access Analyzer, and AWS Security Agent for automated security.

Build and Secure CI/CD Pipelines & Automation

  • Build and evolve secure CI/CD pipelines (AWS CodePipeline, GitLab), optimizing workflows to automate testing, builds, and deployments with security gates (SAST, DAST, SCA, IaC, secret, and container scanning).

Monitoring, Alerting & Observability

  • Architect comprehensive monitoring and alerting using AWS CloudWatch, GuardDuty, X-Ray, EventBridge, and SIEM integrations.

  • Design intelligent alerting with automated routing, escalation, noise reduction, and rapid incident response processes (critical for Cybercrimes Act obligations).

  • Set up monitoring, logging, and alerting to maintain high availability and performance.
  • Ensure 24/7 visibility into security posture, performance, and compliance.

Cybersecurity, Penetration Testing & Risk Management

  • Lead and coordinate regular penetration testing
  • Oversee vulnerability management: scanning, risk-based prioritization, remediation tracking, and exception processes.

  • Conduct threat modelling, runtime protection, supply-chain security, zero-trust implementation, and incident response.

  • Ensure appropriate, reasonable technical and organisational measures for POPIA Condition 7 (Security Safeguards), including encryption, access controls, logging, and regular testing.

Compliance, Governance & Continuous Improvement

  • Support audits and evidence collection
  • Collaborate on release management with security go/no-go decisions.
  • Stay current with AWS security updates, emerging threats, and South African regulatory changes.

  • Drive maturity of DevSecOps practices and conduct regular AWS Well-Architected Framework reviews (Security Pillar).

Qualifications & Experience

  • Education: Bachelor's degree in Computer Science, Information Technology, Cybersecurity, Engineering

Experience

  • 8–10+ years in DevOps, Cloud Engineering, or Cybersecurity.
  • 3–5+ years in technical leadership or management roles.
  • Strong hands-on AWS experience
  • Proven track record in regulated environments with POPIA/GDPR compliance.

Certifications

  • AWS Certified Security – Specialty or AWS Certified DevOps Engineer – Professional.
  • CISSP, CISM, CCSP, or CISA.

Essential Skills & Competencies

Technical:

  • Deep expertise in AWS.
  • Proficiency with security tools (Inspector, GuardDuty, SAST/DAST like SonarQube, SIEM).
  • Proficiency in at least one scripting language (Python, Bash, PowerShell).
  • Strong experience with Linux, networking, and Git.
  • Hands-on expertise with CI/CD, IaC, Docker/Kubernetes, and at least one major cloud platform (AWS/Azure/GCP certifications preferred).
  • Penetration testing methodologies and vulnerability management.
  • Knowledge of monitoring, observability, and infrastructure security.

Leadership & Soft Skills:

  • Excellent stakeholder communication (technical to executive level).
  • Ability to drive cultural change in hybrid/fast-paced environments.
  • Strong problem-solving, metrics-driven approach, and collaboration skills.