Senior/Lead DevSecOps Engineer

Choosing Capgemini means choosing a company where you will be empowered to shape your career in the way you'd like, where you'll be supported and inspired by a collaborative community of colleagues around the world, and where you'll be able to reimagine what's possible. Join us and help the world's leading organizations unlock the value of technology and build a more sustainable, more inclusive world.

Job Description: Senior/Lead DevSecOps Engineer Job Description

The Senior/Lead DevSecOps Engineer is a highly skilled technical leader responsible for embedding a 'security-first' culture and ensuring that security is a seamless and automated component of the entire Software Development Life Cycle (SDLC). This role requires a sophisticated blend of security expertise, development background, and operations knowledge to champion and drive the adoption of DevSecOps best practices across all engineering teams. The successful candidate will design and implement robust, scalable, and compliant security controls, with an emphasis on automation and shift-left security, to protect critical applications and infrastructure.

The ideal candidate will transform our approach to security, moving it from a gateway function to a foundational element of our rapid development process. Experience in a heavily regulated environment, such as banking, is a significant advantage, demonstrating proficiency in managing strict compliance frameworks, financial data protection, and system resilience.

Key Responsibilities: Core Functions and Leadership

A. DevSecOps Strategy & Implementation

• Architect and Implement Secure CI/CD Pipelines: Design, build, and maintain automated and secure Continuous Integration/Continuous Delivery (CI/CD) pipelines, integrating state-of-the-art security tools.
• Infrastructure as Code (IaC) Security: Define security standards for and ensure compliance of all cloud and infrastructure provisioning using IaC tools (e.g., Terraform, CloudFormation). Implement automated security scanning and validation for all IaC templates.
• Secrets Management: Design, implement, and operate robust solutions for managing, auditing, and rotating application secrets, keys, and credentials (e.g., HashiCorp Vault, AWS/Azure Secrets Manager), minimizing the risk of exposure.
• Security Automation: Maximize automation for all security tasks, including configuration management, vulnerability scanning, compliance checks, and security patch deployment to enhance efficiency and consistency.

B. Security Governance & Compliance (Banking Focus)

• Regulatory Compliance: (Banking experience a plus) Ensure all DevSecOps practices and deployed systems comply with stringent industry regulations and standards such as PCI DSS, SOC 2, NIST, GDPR, and internal banking security and risk policies.
• Threat Modeling & Risk Assessment: Lead threat modeling exercises for new features and systems early in the SDLC ('Shift Left') to proactively identify and mitigate security risks before code is written.
• Continuous Monitoring: Establish continuous security monitoring, logging, and alerting for applications and infrastructure, integrating security information and event management (SIEM) systems to detect and respond to threats in real-time.

C. Collaboration, Mentorship & Ownership

• Cross-Functional Liaison: Act as the primary liaison between Development, Operations, and Information Security teams to foster a culture of shared security ownership.
• Secure Coding Advocacy: Mentor and provide training to development teams on secure coding practices, DevSecOps principles, and the effective use of integrated security tooling.
• Incident Response Support: Partner with the Security Operations Center (SOC) to provide Level 3 expertise during security incidents, focusing on rapid containment, root cause analysis, and automating remediation.

Qualifications: Technical Skills and Experience

The ideal candidate will possess a strong technical background, proven leadership experience, and specific expertise in the tools and methodologies that drive modern DevSecOps practice.

A. Essential Technical Qualifications and Top Technologies

Area

Technologies / Skills

Elaboration

Cloud Platforms

AWS, Azure, or GCP

Deep expertise in securing large-scale cloud environments, including security groups, IAM/Zero Trust models, and cloud-native security services.

CI/CD Tools

Jenkins, GitLab CI, Azure DevOps, or ArgoCD

Extensive hands-on experience designing and hardening pipelines, with a focus on integrating security gates and quality checks at every stage.

Application Security

SAST, DAST, SCA

Proficiency in integrating and tuning tools like SonarQube, Checkmarx, Snyk, or Veracode within the CI/CD pipeline to analyze proprietary and open-source code for vulnerabilities.

Containerization & Orchestration

Docker, Kubernetes (EKS, AKS, GKE)

Expertise in securing container images, registry access, and runtime security for Kubernetes clusters (e.g., using Falco, admission controllers).

Scripting & Automation

Python, Go, Groovy, Bash/Shell

Strong development and scripting abilities for automating complex security tasks, integrating disparate tools, and creating custom security utilities.

Operating Systems

Linux and Windows Security

Deep understanding of hardening and managing operating system security, patching, and configuration drift.

B. Professional Experience and Soft Skills

• Experience: 7+ years of progressive experience in DevOps, or Security roles, with at least 3 years dedicated to a Senior/Lead DevSecOps or Application Security focus.
• Banking/Financial Services (Highly Desirable): experience operating within a heavily regulated financial services environment, managing compliance with PCI DSS or similar audit-heavy standards.
• Security Frameworks: Expert-level familiarity with security standards and methodologies like OWASP Top 10, MITRE ATT&CK, and NIST Cybersecurity Framework.
• Certifications (Preferred): Relevant certifications such as Certified DevSecOps Engineer (CDPSE), CISSP, CISM, or advanced cloud security certifications (AWS/Azure/GCP Security Specialty).
• Leadership and Communication: Proven ability to lead technical initiatives, mentor mid-level engineers, and effectively communicate complex security risks and recommended solutions to both executive leadership and technical teams.

Capgemini is a global business and technology transformation partner, helping organizations to accelerate their dual transition to a digital and sustainable world, while creating tangible impact for enterprises and society. It is a responsible and diverse group of 340,000 team members in more than 50 countries. With its strong over 55-year heritage, Capgemini is trusted by its clients to unlock the value of technology to address the entire breadth of their business needs. It delivers end-to-end services and solutions leveraging strengths from strategy and design to engineering, all fueled by its market leading capabilities in AI, generative AI, cloud and data, combined with its deep industry expertise and partner ecosystem.

Ref. code

358571-en_US

Posted on

10 Nov 2025

Experience level

Experienced Professionals

Contract type

Permanent

Location

Manila

Business unit

SBU Shared Services

Brand

Capgemini

Professional communities

SaaS Solutions