Senior DevSecOps Engineer
About Welvaart
At Welvaart, we create technology solutions that put people at the center.
Our close leadership style and flexible culture of growth empower our teams and elevate the quality of our delivery. We combine rigor, innovation, and empathy to drive projects that transform businesses and build lasting relationships of trust.
We complement this vision with a performance‑driven Digital Marketing offering, helping companies strengthen their visibility, enhance their online presence, and accelerate growth through smart, measurable strategies.
Project
Banking Project: The Senior DevSecOps Engineer will be responsible for embedding security controls, architecture patterns, and operational security practices into the software delivery lifecycle. The role combines hands-on DevSecOps engineering, security architecture advisory, vulnerability management, secure CI/CD enablement, and close collaboration with development teams.
This position is especially focused on securing application delivery pipelines, improving vulnerability detection and remediation, supporting development teams in secure engineering practices, and ensuring that source code, dependencies, container images, secrets, and deployment artefacts are continuously assessed before promotion to production.
Role
- Define and implement secure DevSecOps architectures and CI/CD security controls (SAST, SCA, secrets, containers, SBOM, quality gates)
- Integrate and manage security tools (GitHub Advanced Security, SonarQube, JFrog) within development workflows
- Establish secure artifact management and controlled promotion across environments
- Manage vulnerabilities end-to-end: analysis, prioritization, remediation support, and reporting
- Configure GitHub security features and enforce repository and PR governance standards
- Maintain code quality and security policies using SonarQube
- Secure artifact repositories and dependencies using JFrog Artifactory and Xray
- Define branching strategies and enforce secure release and deployment controls
- Ensure traceability, auditability, and proper governance across the delivery lifecycle
- Support and enable development teams through guidance, training, and practical secure implementations
We are looking for
- Proven experience in DevSecOps, application security, or DevOps engineering.
- Strong hands-on experience with CI/CD pipelines and secure delivery practices.
- Experience with: GitHub Enterprise & GitHub Advanced Security, SonarQube configuration and governance, JFrog Artifactory and Xray
- Strong understanding of vulnerability management and secure artifact lifecycle.
- Experience working directly with development teams in remediation efforts.
- Knowledge of Git workflows, release management, and deployment governance.
- Experience in regulated or large enterprise environments.
- Security & DevSecOps Tools: GitHub Advanced Security, SonarQube, JFrog Artifactory & Xray
- CI/CD & Engineering: GitHub Actions, Azure DevOps, Jenkins, GitLab CI, pipeline-as-code, automated security gates
- Application Security: SAST, SCA, secrets management, OWASP Top 10, vulnerability triage and remediation
- Cloud & Containers: Docker/OCI, Kubernetes/OpenShift, container registry and image governance
- Engineering Practices: GitFlow, branching strategies, pull request governance, artifact immutability and traceability
What can you discover with us?
- Be part of a tech start-up
- Projects of different scope across different sectors
- Fair and equitable salary structure (Consultant Profile)
- Training & Certification
- Career Path management
- More than 30 Partnerships
UNLEASH THE POWER OF YOUR CAREER