Senior DevSecOps Engineer

Jobgether • Switzerland
Remote
AI Summary

Play a critical role in strengthening the security posture of large-scale digital platforms. Design and implement security-first engineering practices across application, infrastructure, and cloud layers. Collaborate with engineering, platform, and product teams to build scalable security frameworks and automate controls.

Key Responsibilities
Design and implement an end-to-end Application & Infrastructure Security operating model
Build and maintain a robust vulnerability management program
Integrate security controls into SDLC and CI/CD pipelines
Strengthen software supply chain security
Define and implement cloud security baselines
Establish Kubernetes security standards
Collaborate with engineering and platform teams to remediate vulnerabilities
Support compliance and audit readiness efforts
Automate security workflows and reporting
Technical Skills Required
DevSecOps, Security Engineering, Cloud Security
Benefits & Perks
Fully remote work
Competitive compensation package
20 paid vacation days

Job Description


This position is listed on behalf of a partner company, who manages all applications and next steps. Our partner is looking for a Senior DevSecOps Engineer based in Switzerland.

As a Senior DevSecOps Engineer, you will play a critical role in strengthening the security posture of large-scale, high-traffic digital platforms operating in a fast-moving product environment. You will design and implement security-first engineering practices across application, infrastructure, and cloud layers, ensuring that security is embedded throughout the entire software development lifecycle. Working closely with engineering, platform, and product teams, you will build scalable security frameworks, automate controls, and reduce systemic risk across complex distributed systems. This role combines hands-on engineering with strategic security architecture, offering the opportunity to influence how security is built, measured, and maintained at scale. You will also help shape compliance readiness and drive security maturity across multiple teams in a highly collaborative, remote-first organization.

Accountabilities

  • Design and implement an end-to-end Application & Infrastructure Security operating model, including ownership structures, SLAs, escalation paths, risk acceptance processes, and reporting frameworks.
  • Build and maintain a robust vulnerability management program covering detection, triage, prioritization, remediation tracking, exception handling, and security metrics.
  • Integrate security controls into SDLC and CI/CD pipelines, including SAST, SCA, secret scanning, container and image scanning, SBOM generation, and security quality gates.
  • Strengthen software supply chain security through dependency management, artifact signing, CI/CD hardening, protected branches, and secure release practices.
  • Define and implement cloud security baselines using Infrastructure as Code, including IAM policies, KMS, logging, threat detection, and cloud security monitoring tools.
  • Establish Kubernetes security standards such as Pod Security Policies/Standards, network policies, RBAC reviews, admission control, and runtime security practices.
  • Collaborate with engineering and platform teams to remediate vulnerabilities, reduce false positives, improve secure coding practices, and embed security-by-design principles.
  • Support compliance and audit readiness efforts (including PCI DSS and similar frameworks) by preparing documentation, controls, and security evidence.
  • Automate security workflows and reporting using scripting and engineering tools (Python, Bash, or Go) to improve efficiency and scalability.
  • Continuously improve security tooling, policies, and processes across cloud, application, and infrastructure environments.

Requirements

  • 5+ years of hands-on experience in DevSecOps, Application Security, or Security Engineering roles in production environments.
  • Strong practical experience integrating security tools into CI/CD pipelines (GitLab CI, GitHub Actions, or similar).
  • Expertise with security scanning tools such as SAST, SCA, secret scanning, container/image scanning (e.g., Semgrep, SonarQube, Trivy, Snyk, Grype, Gitleaks or equivalents).
  • Strong understanding of CI/CD security concepts including least privilege access, protected branches/environments, secrets management, CODEOWNERS, and secure runner configurations.
  • Proven experience building vulnerability management processes including triage, prioritization, SLA definition, remediation tracking, and risk acceptance workflows.
  • Deep knowledge of software supply chain security including SBOMs, dependency pinning, artifact signing, provenance, and dependency risk management.
  • Strong cloud security experience, ideally in AWS, including IAM, Security Groups, KMS, CloudTrail, GuardDuty, Security Hub, and network architecture.
  • Hands-on experience with Kubernetes security including RBAC, network policies, admission controllers, audit logging, and runtime security concepts.
  • Experience with Infrastructure as Code security (Terraform preferred) using tools like tfsec, Checkov, or policy-as-code frameworks.
  • Strong automation skills in Python, Bash, or Go for building security tools, pipeline integrations, or reporting systems.
  • Solid understanding of OWASP Top 10, web application vulnerabilities, and secure development practices.
  • Ability to work independently, prioritize effectively, and collaborate closely with engineering, platform, and business stakeholders in a fast-paced environment.
  • Experience in regulated industries such as fintech or gaming is a plus.

Benefits

  • Fully remote work with flexibility to work from anywhere within compatible regions.
  • Competitive compensation package aligned with experience and market standards.
  • 20 paid vacation days plus public holidays and sick leave.
  • Private health insurance and psychological support coverage.
  • Flexible benefits budget for personal use, hobbies, sports, and lifestyle needs.
  • Learning and development budget, including courses, training, workshops, and language programs.
  • Corporate events, team-building activities, and professional development workshops.
  • Flexible working culture focused on autonomy, trust, and work-life balance.
  • Access to modern engineering practices, automation-first workflows, and cutting-edge security tooling.
  • Opportunity to work on high-scale, high-impact systems in a fast-growing product environment.

How Jobgether Works

We use an AI-powered matching process to ensure your application is reviewed quickly, objectively, and fairly against the role's core requirements. Our system identifies the top-fitting candidates, and this shortlist is then shared directly with the hiring company. The final decision and next steps (interviews, assessments) are managed by their internal team.

We appreciate your interest and wish you the best!

Why Apply Through Jobgether?

Data Privacy Notice: By submitting your application, you acknowledge that Jobgether will process your personal data to evaluate your candidacy and share relevant information with the hiring employer. This processing is based on legitimate interest and pre-contractual measures under applicable data protection laws (including GDPR). You may exercise your rights (access, rectification, erasure, objection) at any time.

We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses and identifying potential inconsistencies or verification signals in application materials based on available information. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.

