DevSecOps - WOXA GROUP

Job Description:

• Architect secure software supply chain
• Govern source code, define repository governance, GitLab CI/CD architecture
• Manage application security across our Kubernetes platforms, cloud services, and edge networks.
• Be the technical cornerstone of our ISO 27001 compliance program
• Ensuring that security and compliance are embedded natively into how our applications are built, tested, and delivered to end-users.
• Drive "Shift-Left Security" initiative, acting as the ultimate bridge between Development, IT Operations, and Security
• Secure all microservice deployed to our Kubernetes clusters
• Govern our external perimeter using Cloud flare
• Ensure seamless orchestration between our various technical and business units.

• Experience: 5+ years or proven experience in Application Security, DevSecOps, or Software Engineering, with leadership managing technical teams
• Source Code & Pipeline Mastery: Expert-level experience with GitLab (or similar SCMs) governing large codebases.Advanced experience building complex, automated, and highly secure CI/CD pipelines
• Containerization & Workload Orchestration: Deep expertise in deploying and securing applications on Kubernetes (K8s) and utilizing Helm in high-traffic production environments
• Edge & Network Security: Proven, hands-on experience managing enterprise edge networking solutions, specifically Cloud flare (WAF, DNS, DDoS protection, CDN configurations, and API security)
• Application Security (AppSec): Strong operational knowledge of integrating security testing tools (e.g., Snyk, SonarQube, Trivy) into developer workflows. Deep understanding of OWASP Top 10 and secure software design
• Cloud Platform Knowledge: Proven track record of securing application workloads and managed services across Hybrid/Multi-Cloud environments (specifically AWS, GCP , and Digital Ocean)
• Mindset & Cross-Team Leadership: A pragmatic leader who understands the CIA Triad (Confidentiality, Integrity, Availability). You must negotiate priorities between feature-driven developers, uptime-driven SREs, and risk-averse auditors, knowing exactly when to compromise and when to halt a deployment