DevSecOps Engineer
As a DevSecOps Engineer, your role is to:
* Set up and monitor all the steps, tools, and practices that enable the development, testing, and deployment of software applications at Speos, in order to improve the performance of every stage of the delivery chain.
* Evolve CI/CD and operational platforms by integrating best practices in automation, observability, and security. You act as a facilitator for developers, as a guarantor of quality, and as a key player in the company’s technical transformation.
Your responsibilities
As a DevSecOps Engineer, your responsibilities include:
CI/CD Platform – Design, Evolution, and Maintenance
* Design, maintain, and evolve the CI/CD platform to provide developers with a modern, intuitive, and productive tool.
* Integrate leading technologies (GitHub Actions, GitLab CI, Jenkins, ArgoCD...) to optimize pipeline efficiency.
* Measure and improve pipeline performance (execution time, success/failure rate) to ensure robustness.
* Deploy Infrastructure as Code (IaC) to version pipelines and environments.
Security by Design – Continuous Security Integration (DevSecOps)
* Maintain and evolve vulnerability scanning tools (source code, libraries and dependencies, Docker images).
* Implement automated security policies in pipelines to detect vulnerabilities early in the development process.
* Integrate secret and credential verification in the CI/CD process.
* Ensure secure secrets management (Vault, AWS Secrets Manager...).
Software Quality – Test Automation
* Ensure the automation of unit tests in CI pipelines.
* Promote integration and automated security testing.
* Measure and report test coverage to developers.
* Automate static and dynamic code analysis (linting, SAST, etc.).
Artifact and Registry Management
* Administer code repositories (GitLab), library repositories (Nexus), and image registries (Nexus) to ensure artifact availability.
* Implement retention, tagging, cleanup, and security policies to guarantee integrity and version control.
Deployment Automation (CD)
* Build and maintain automated deployment pipelines to accelerate production release cycles.
* Integrate security or approval gates into production flows to secure releases.
* Ensure consistency and stability across environments (Dev, Test, Prod).
* Track and trace each deployment (logs, signatures, audits).
Observability, Monitoring, and Performance
* Deploy and maintain observability tools (logs, traces, metrics) to ensure system visibility.
* Ensure application and infrastructure monitoring (Prometheus, Grafana, ELK...).
* Optimize resource usage and detect anomalies.
* Provide meaningful alerts and facilitate incident diagnosis.
Compliance, Audit, and Governance
* Maintain CI/CD action and access traceability to meet security and audit requirements.
* Contribute to the preparation of security or quality audits (ISO 27001, GDPR...).
* Document processes, policies, and security rules to support compliance and transparency.
* Participate in compliance reviews and risk management.
DevSecOps Culture and Team Enablement
* Support developers in using CI/CD tools and best practices.
* Lead training sessions or workshops on security awareness (OWASP, secure coding...).
* Promote a DevSecOps culture based on automation, collaboration, and feedback.
* Contribute to incident resolution and continuous improvement post-mortems.
Continuous Improvement of the Operational Platform
* Identify business needs and adapt infrastructure accordingly.
* Drive structural technical evolutions (containers, Kubernetes, GitOps...).
* Ensure scalability, resilience, and availability of the platform.
* Proactively suggest relevant emerging technologies for Speos.
Your profile
As a DevSecOps Engineer, you bring:
* Minimum 2 years of experience as a DevOps Engineer.
* Strong knowledge of application security principles and pipelines (DAST, SAST, secret management).
* Expertise in CI/CD and automation of development workflows.
* Proficiency in Infrastructure as Code (Terraform).
* Knowledge of public cloud (AWS).
* Familiarity with observability and alerting tools (ELK, Grafana).
* Strong communication and cross-team collaboration skills.
* Fluency in French and English is a must (Dutch is a plus).