Cape Town, ZAF
7 days ago
DevSecOps Engineer
**Company description**

Digitas Liquorice is the Connected Marketing agency, built on the principle that there are better ways for brands to connect with people. We leverage comprehensive data, technology, creative, media and strategy capabilities to deliver Media-Fueled Creativity via connected Solutions that include Connected Campaigns, Social Marketing, Brand Experience, CRM & Loyalty, and Marketing Transformation. Digitas Liquorice South Africa has Head Offices in JHB and CT with over 220 Unicorns delivering connected end-to-end solutions for our clients across SSA. Visit www.liquorice.co.za for more about us and what we do. We are also connected to 6 600 Digitas Unicorns across over 30 countries and 50 offices around the world.

**Overview**

We are seeking a highly skilled DevSecOps Engineer to join our team in South Africa. The ideal candidate will be responsible for integrating security best practices into the software development lifecycle (SDLC) across multi-cloud environments (Azure, GCP, AWS). They will work closely with development, operations, and security teams to ensure the secure, efficient, and continuous delivery of applications. This role requires strong expertise in Infrastructure as Code (IaC), automation, orchestration tools, and golden image management. The successful candidate will enhance security-by-design principles within CI/CD pipelines, implement OWASP Top 10 security measures, and enforce cloud-native security best practices within fintech regulatory frameworks in South Africa.

**Responsibilities**

**1. Cloud Security & Compliance**

+ Secure multi-cloud environments (Azure, AWS, GCP) by implementing security automation and monitoring tools.
+ Ensure compliance with financial security regulations (POPIA, PCI-DSS, ISO 27001, SOC 2).
+ Conduct cloud security risk assessments and enforce security guardrails to prevent misconfigurations.
+ Implement Zero Trust Security principles for IAM, RBAC, and secure access controls.

**2. CI/CD Security & Automation**

+ Design and integrate secure CI/CD pipelines, incorporating automated security testing (SAST, DAST, IAST).
+ Implement secrets management, artifact integrity validation, and secure containerization strategies.
+ Automate security scans for vulnerabilities, dependencies, and misconfigurations in Terraform, CloudFormation, and Kubernetes manifests.

**3. Infrastructure as Code (IaC) & Orchestration**

+ Implement and manage IaC frameworks using Terraform, Ansible, Puppet, and CloudFormation.
+ Automate provisioning of Kubernetes clusters (EKS, AKS, GKE) and containerized workloads.
+ Manage Docker, ECS, and Kubernetes (EKS, GKE, AKS) security, ensuring adherence to best practices.
+ Enforce immutable infrastructure principles through golden image management and automated patching strategies.

**4. Golden Image Management & Compliance**

+ Develop, maintain, and enforce golden images for VMs, containers, and cloud workloads.
+ Automate image hardening using tools like Packer, CIS Benchmarks, and OSSEC.
+ Ensure compliance of golden images with security baselines and regulatory standards.

**5. Threat Detection & Response**

+ Implement SIEM/SOAR solutions for cloud-native security monitoring and automated response.
+ Identify, assess, and remediate vulnerabilities using OWASP Top 10 and SANS 25 methodologies.
+ Secure APIs using OAuth, JWT, OpenID Connect, and enforce WAF security rules.

**6. Collaboration & Training**

+ Work closely with DevOps, Security, and Engineering teams to embed security within the SDLC.
+ Conduct secure coding and DevSecOps best practices training for developers and engineers.
+ Advocate for "Shift Left Security" by integrating security from the earliest stages of development.

**7. Daily Duties**

+ Automate security hardening for cloud, infrastructure, and applications.
+ Monitor and maintain secure multi-cloud environments (Azure, AWS, GCP).
+ Enhance and secure CI/CD pipelines by integrating automated security testing tools.
+ Perform vulnerability scanning, penetration testing, and security incident analysis.
+ Develop and maintain golden images for infrastructure and applications.
+ Optimize Kubernetes security using RBAC, Pod Security Policies (PSP), and Network Policies.
+ Automate patch management and enforce container image scanning in Docker, EKS, and ECS.
+ Stay updated with emerging threats, security trends, and DevSecOps innovations.

**Qualifications**

**Must-Have:**

+ 5-6+ years of experience in DevSecOps, Cloud Security, or DevOps with a security focus.
+ Expertise in Azure, AWS, and GCP security services (e.g., AWS Security Hub, Azure Security Center, GCP Security Command Center).
+ Strong knowledge of CI/CD tools (Jenkins, GitLab CI/CD, GitHub Actions, Azure DevOps).
+ Proficiency in Infrastructure as Code (IaC) (Terraform, CloudFormation, Puppet, Ansible).
+ Hands-on experience with containerization and orchestration (Docker, Kubernetes, EKS, ECS, GKE, AKS).
+ Strong understanding of OWASP Top 10, SAST, DAST, IAST, and API security best practices.
+ Experience implementing secrets management (Vault, AWS Secrets Manager, Azure Key Vault).
+ Proficiency in SIEM/SOAR platforms for security monitoring and incident response.
+ Knowledge of Zero Trust security models, IAM, RBAC, and secure networking.

**Additional information**

**Nice-to-Have:**

+ Certifications such as AWS Security Specialty, Azure Security Engineer, Google Professional Cloud Security Engineer, CISSP, CISM, CEH.
+ Experience in fintech security regulations (PCI-DSS, SOC 2, ISO 27001, POPIA).
+ Familiarity with DevSecOps frameworks (NIST 800-53, CSA Cloud Controls Matrix, MITRE ATT&CK).
+ Knowledge of blockchain security or smart contract security is a plus.

**Why Join Us?**

+ Work in a high-impact fintech company shaping the future of digital finance in South Africa.
+ Cutting-edge technology stack leveraging cloud-native security automation.
+ Career growth opportunities with training, certifications, and mentorship.
+ Competitive salary & benefits tailored for top security professionals.
+ Flexible work arrangements (remote/hybrid options available).

**_NB: This job description provides a succinct outline of the typical functions inherent to the role, rather than an exhaustive list of all conceivable responsibilities, tasks, and duties. Moreover, we recognise that the specific responsibilities, tasks, and duties assigned to the role may vary from those outlined in the job description, with potential for additional duties that align with your capabilities being assigned as required._**