Sign up to access all features of our service.
  • Job search
  • Favorites
  • Create a CV
    New
  • Salaries
  • Subscriptions

DevSecOps Engineer

Menzies Philanthropic Foundation

Location: Remote

Employment Type: Part-Time, Unpaid (Volunteer)**

Role Overview

We are seeking a motivated DevSecOps Engineer to strengthen the security and reliability of our cloud applications and CI/CD workflows. This position continues the ongoing security automation efforts established under the current DevSecOps role. The ideal candidate combines foundational security knowledge with curiosity and a willingness to learn new tools and processes while contributing directly to meaningful non-profit technology projects.

Key Responsibilities

  • Integrate and maintain security automation within CI/CD pipelines, including:
    • Static analysis (SAST) for code vulnerabilities.
    • Dynamic testing (DAST) for runtime exposures.
    • Dependency and vulnerability scanning using Semgrep , OWASP ZAP , and Dependabot .
    • Secret scanning to detect exposed keys, tokens, or credentials before release.
  • Collaborate with developers and DevOps to triage and remediate vulnerabilities identified in builds or environments.
  • Contribute to secure GitHub branching, approval, and dependency-management workflows.
  • Monitor and interpret findings from AWS-native security services such as Security Hub, GuardDuty, Config, CloudTrail, and CloudWatch to detect misconfigurations or suspicious activity.
  • Support least-privilege IAM configurations and secure AWS role usage.
  • Document security standards, scanning procedures, and remediation guidelines.
  • Participate in incident response simulations and post-incident analysis.

Required Qualifications

  • CompTIA Security+ certification (or higher).
  • Understanding of Git workflows and CI/CD concepts.
  • Familiarity with at least one scanning or automation tool (e.g., OWASP ZAP, Semgrep, Trivy, or Snyk).
  • Basic awareness of AWS security services , IAM principles , and secure configuration practices.
  • Scripting or automation experience in Bash, Python, or PowerShell .
  • Strong analytical mindset, attention to detail, and commitment to continuous learning.

Preferred Qualifications

  • Coursework or prior experience in cloud platforms (AWS, Azure, or GCP).
  • Exposure to Infrastructure-as-Code or container security concepts.
  • Interest in pursuing advanced certifications such as AWS Security Specialty , CySA+ .
  • Experience contributing to open-source or volunteer security projects.

Personal Attributes

  • Security-first mindset with proactive problem-solving.
  • Communicates clearly and collaborates respectfully with developers and operations.
  • Thrives in a remote, asynchronous team environment.
  • Curious, adaptable, and passionate about building secure, ethical technology solutions.
Vacancy posted more than 2 months ago

Do you want to receive more vacancies?

Subscribe and receive similar vacancies to DevSecOps Engineer. Be the first to apply!