DevSecOps Engineer

5 Days ago • 7 Years + • Devops

Job Summary

Job Description

Mistral AI is seeking a seasoned DevSecOps Engineer to embed security across the product development lifecycle. This role involves driving a security-first culture, collaborating with engineering teams to harden platforms, customer-facing applications, and internal tooling. The mission is to secure production environments while empowering developers with seamless, security-conscious workflows. The position is based in Paris or London, reporting to the SRE Lead.
Must have:
  • Own and embed security across the product development lifecycle.
  • Drive a security-first culture.
  • Collaborate closely with product engineering teams to harden platforms, applications, and internal tooling.
  • Secure production environments while empowering developers with seamless, security-conscious workflows.
  • Evaluate and map the existing security posture to identify gaps and improvement opportunities.
  • Develop a forward-looking DevSecOps roadmap, leveraging AI/ML to enhance threat detection and response.
  • Establish measurable KPIs for security performance, reliability, and compliance adherence.
  • Build and optimize high-performance security test suites for CI/CD pipelines.
  • Seamlessly integrate static (SAST), dynamic (DAST), and software composition analysis (SCA) tools.
  • Enhance testing efficiency through parallel execution and real-time vulnerability feedback.
  • Create custom scripts/tools to address unique security challenges.
  • Oversee security across the entire SDLC.
  • Standardize DevSecOps practices to ensure consistency across all engineering teams.
  • Automate security validation.
  • Enforce versioning for all artifacts.
  • Implement IaC with baked-in security guards (e.g., Terraform with policy-as-code).
  • Manage Kubernetes RBAC, network policies, and pod security to enforce least-privilege access.
  • Administer secrets and certificates via centralized tools (e.g., HashiCorp Vault, AWS Secrets Manager).
  • Ensure alignment with regulatory and internal security frameworks (e.g., SOC 2, ISO 27001, CIS benchmarks).
  • Partner with development and operations teams to embed security into daily workflows.
  • Lead training initiatives to upskill teams on secure coding, threat modeling, and incident response.
  • Champion a security-first mindset, driving cultural adoption of DevSecOps principles.
  • 7+ years of successful experience in a similar role (DevSecOps, DevOps, SRE).
  • Strong proficiency in scripting languages (Python, Go, Bash) and software development best practices.
  • Strong proficiency in site reliability engineering (root cause analysis, in-production troubleshooting, on-call rotations).
  • Strong proficiency in infrastructure operation and automation (CI/CD, containerization, orchestration, infra-as-code, monitoring, logging, alerting, observability).
  • Proven problem-solving and communication skills.
  • Proven ownership, high agency and desire to improve things for others.
  • Proven autonomy, self-drive and ability to work well in a fast-paced startup environment.
  • Proven low ego and team spirit mindset.
Good to have:
  • Exposure to multi-cloud infrastructures and on-premise environments.
  • Exposure to Security Tools & Approaches: OWASP, SAST, DAST, SCA, vulnerability scanners.
  • Exposure to Regulatory compliance and internal security frameworks (e.g., SOC 2, ISO 27001, CIS benchmarks).
Perks:
  • Competitive salary and equity
  • Health insurance
  • Transportation allowance
  • Sport allowance
  • Meal vouchers
  • Private pension plan
  • Generous parental leave policy
  • Visa sponsorship

Job Details

About Mistral

At Mistral AI, we believe in the power of AI to simplify tasks, save time, and enhance learning and creativity. Our technology is designed to integrate seamlessly into daily working life.

We democratize AI through high-performance, optimized, open-source and cutting-edge models, products and solutions. Our comprehensive AI platform is designed to meet enterprise needs, whether on-premises or in cloud environments. Our offerings include le Chat, the AI assistant for life and work.

We are a dynamic, collaborative team passionate about AI and its potential to transform society. Our diverse workforce thrives in competitive environments and is committed to driving innovation. Our teams are distributed between France, USA, UK, Germany and Singapore. We are creative, low-ego and team-spirited.

Join us to be part of a pioneering company shaping the future of AI. Together, we can make a meaningful impact. See more about our culture on https://mistral.ai/careers.

Role Summary

We are seeking a seasoned DevSecOps Engineer to own and embed security across our product development lifecycle. In this role, you will drive a security-first culture, collaborating closely with product engineering teams to harden our platforms, customer-facing applications, and internal tooling. Your mission: secure our production environments while empowering developers with seamless, security-conscious workflows.

Location: Paris 🇫🇷 or London 🇬🇧

Reporting line: SRE Lead

What you will do

As a DevSecOps Engineer, your responsibilities will include (but may not be limited to):

Security Strategy & Governance

  • Evaluate and map the existing security posture to identify gaps and improvement opportunities.
  • Develop a forward-looking DevSecOps roadmap, leveraging AI/ML to enhance threat detection and response.
  • Establish measurable KPIs for security performance, reliability, and compliance adherence.

Security Automation & Tooling

  • Build and optimize high-performance security test suites for CI/CD pipelines.
  • Seamlessly integrate static (SAST), dynamic (DAST), and software composition analysis (SCA) tools with minimal latency.
  • Enhance testing efficiency through parallel execution and real-time vulnerability feedback.
  • Create custom scripts/tools to address unique security challenges where off-the-shelf solutions fall short.

Full-Lifecycle Security Ownership

  • Oversee security across the entire SDLC—from development and deployment to production monitoring.
  • Standardize DevSecOps practices to ensure consistency across all engineering teams.
  • Automate security validation.
  • Enforce versioning for all artifacts: application code, infrastructure templates, security policies, and configurations.
  • Implement IaC with baked-in security guards (e.g., Terraform with policy-as-code).
  • Manage Kubernetes RBAC, network policies, and pod security to enforce least-privilege access.
  • Administer secrets and certificates via centralized tools (e.g., HashiCorp Vault, AWS Secrets Manager).
  • Ensure alignment with regulatory and internal security frameworks (e.g., SOC 2, ISO 27001, CIS benchmarks).

Team Collaboration & Advocacy

  • Partner with development and operations teams to embed security into daily workflows.
  • Lead training initiatives to upskill teams on secure coding, threat modeling, and incident response.
  • Champion a security-first mindset, driving cultural adoption of DevSecOps principles across the organization.

Representative projects

  • Improve CI/CD and build systems
  • Implement static and dynamic code analysis tool
  • Implement automated vulnerability analysis
  • Optimize cloud registry (Docker, Azure, GCP)

About you

  • 7+ years of successful experience in a similar role (DevSecOps, DevOps, SRE...)
  • Strong proficiency in:
  • Scripting languages (Python, Go, Bash...) and software development best practices.
  • Site reliability engineering: root cause analysis, in-production troubleshooting, on-call rotations...
  • Infrastructure operation and automation: CI/CD, containerization, orchestration, infra-as-code, monitoring, logging, alerting, observability...
  • Exposure to:
  • Multi-cloud infrastructures (and ideally on- premise environments)
  • Security Tools & Approaches: OWASP, SAST, DAST, SCA, vulnerability scanners
  • Regulatory compliance and internal security frameworks (e.g., SOC 2, ISO 27001, CIS benchmarks).
  • Proven:
  • Problem-solving and communication skills — ability to contextualizing, gauging risks and getting buy-in for high stakes and impactful solutions.
  • Ownership, high agency and desire to improve things for others.
  • Autonomy, self-drive and ability to work well in a fast-paced startup environment.
  • Low ego and team spirit mindset.

Hiring Process

  • Intro Call - 30 min
  • Tech Culture Interview - 30 min
  • Technical Rounds - 3 x 45 min
  • Culture-fit Discussion - 30 min
  • Reference Calls

Location & Remote

This role is primarily based at one of our European offices (Paris and London). We will prioritize candidates who either reside there or are open to relocating. We strongly believe in the value of in-person collaboration to foster strong relationships and seamless communication within our team. Our remote work policy is designed to offer flexibility, enhance work-life balance, and boost productivity.

In certain specific situations, we will also consider remote candidates based in one of the countries listed in this job posting (currently France & UK). In that case, we ask all new hires to visit our local office:

  • for the first month of their onboarding (accommodation and travelling covered)
  • then at least 3 days per month

What we offer

  • Competitive salary and equity
  • Health insurance
  • Transportation allowance
  • Sport allowance
  • Meal vouchers
  • Private pension plan
  • Parental : Generous parental leave policy
  • Visa sponsorship

Similar Jobs

Looks like we're out of matches

Set up an alert and we'll send you similar jobs the moment they appear!

Similar Skill Jobs

Looks like we're out of matches

Set up an alert and we'll send you similar jobs the moment they appear!

Jobs in Paris, Île-de-France, France

Looks like we're out of matches

Set up an alert and we'll send you similar jobs the moment they appear!

Devops Jobs

Looks like we're out of matches

Set up an alert and we'll send you similar jobs the moment they appear!

About The Company

Palo Alto, California, United States (On-Site)

Paris, Île-de-France, France (On-Site)

Paris, Île-de-France, France (On-Site)

London, England, United Kingdom (On-Site)

Paris, Île-de-France, France (Hybrid)

Palo Alto, California, United States (Hybrid)

Palo Alto, California, United States (Remote)

Paris, Île-de-France, France (Hybrid)

Paris, Île-de-France, France (On-Site)

Paris, Île-de-France, France (On-Site)

View All Jobs

Get notified when new jobs are added by Mistral AI

Level Up Your Career in Game Development!

Transform Your Passion into Profession with Our Comprehensive Courses for Aspiring Game Developers.

Job Common Plug