DevSecOps Expert - #46372

COSMOTE Global Solutions, a key part of the OTE Group of Companies, is seeking a highly skilled DevSecOps Expert to join our cybersecurity and IT operations teams. The ideal candidate will integrate security practices within the DevOps process, ensuring secure application development, deployment, and management throughout the software development lifecycle.

Responsibilities:

• Design, implement, and maintain security controls and practices in CI/CD pipelines.
• Collaborate closely with development, operations, and security teams to embed security in every phase of software delivery.
• Automate security testing including static application security testing (SAST), dynamic application security testing (DAST), and software composition analysis (SCA).
• Manage vulnerability assessments and conduct security audits on infrastructure and applications.
• Develop and enforce security policies, standards, and best practices.
• Implement and manage security tools and platforms in cloud environments (Azure, AWS).
• Analyze and respond to security incidents within the CI/CD environment.
• Stay current with emerging DevSecOps tools, technologies, and threats to proactively enhance security posture.

Requirements

• Master’s degree in Computer Science, Information Security, or related field.
• Minimum 12 years of experience in DevSecOps or related roles.
• Strong understanding of DevOps methodologies and secure software development lifecycle (SDLC).
• Hands-on experience with CI/CD tools such as Azure DevOps, Jenkins, GitLab CI/CD integrated with security tools.
• Expertise in security automation tools including SAST, DAST, and SCA platforms.
• Proficient in scripting languages like Python, Bash, or PowerShell for automation tasks.
• Experience in managing cloud security on Azure and AWS platforms.
• Knowledge of container security best practices with tools like Docker and Kubernetes.
• Familiarity with infrastructure as code (IaC) tools such as Terraform and Ansible and embedding security controls within them.
• Strong analytical and problem-solving skills and ability to communicate complex security concepts effectively.
• Relevant security certifications (e.g., CISSP, CISM, CSSLP, or equivalent) are a plus.
• Fluent in English with strong verbal and written communication skills.