Senior DevSecOps Engineer (Aerospace and defence)

We are seeking a Senior DevSecOps Engineer to drive security automation and implement DevSecOps best practices in development pipelines, infrastructure, and cloud environments. This role involves shaping the future of secure development within a pioneering Swedish defense and aerospace company. The focus is on deeply integrating security throughout the entire software delivery lifecycle (SDLC), working with engineering, DevOps, and security teams to build secure, scalable, and compliant systems.

Must Have

• Integrate security practices into CI/CD pipelines and infrastructure-as-code (IaC)
• Define and implement security controls in cloud environments (AWS, Azure, GCP)
• Automate security scans (SAST, DAST, SCA, and container scanning) and enforce policy compliance
• Conduct threat modeling, vulnerability management, and risk assessments
• Collaborate with DevOps and development teams to remediate security issues
• Establish and promote DevSecOps best practices, training, and documentation
• Ensure compliance with security standards and regulations (e.g., ISO 27001, SOC 2, and GDPR)
• Lead incident response and forensics processes when needed
• 5+ years of experience in DevSecOps, cloud security, or related roles
• Strong knowledge of CI/CD tools (e.g., GitLab CI, Jenkins, GitHub, and Actions)
• Proficiency in cloud-native security (AWS/GCP/Azure) and Kubernetes
• Experience with infrastructure-as-code tools (Terraform, CloudFormation, Ansible)
• Deep understanding of application security principles and secure coding practices
• Hands-on experience with automated security tools such as Snyk, Checkmarx, Aqua, etc.
• Scripting skills in Bash, Python, or similar languages

Good to Have

• Relevant certifications (e.g., AWS Security Specialty, CISSP, CKS)
• Knowledge of zero-trust architectures, API security, and secrets management
• Familiarity with regulatory frameworks (HIPAA, PCI DSS, etc.)

Company Description

We are seeking a Senior DevSecOps Engineer to drive security automation and implement DevSecOps best practices in development pipelines, infrastructure, and cloud environments.

This role is ideal for a proactive DevSecOps expert who thrives in complex environments and wants to make security an automated, continuous part of modern software delivery. You'll be shaping the future of secure development inside one of Europe’s most respected defense tech organizations.

Become part of a high-impact team working at the intersection of cloud infrastructure, CI/CD, and cybersecurity!

CUSTOMER

Our client is a pioneering Swedish defense and aerospace company, renowned for its cutting-edge technologies across air, land, and naval systems. Operating on a global scale, the organization is recognized for its innovation, security, and complex engineering excellence.

PROJECT

The focus is on ensuring that security is deeply integrated throughout the entire software delivery lifecycle (SDLC). You will work closely with the engineering, DevOps, and security teams to build secure, scalable, and compliant systems.

Job Description

• Integrate security practices into CI/CD pipelines and infrastructure-as-code (IaC)
• Define and implement security controls in cloud environments (AWS, Azure, GCP)
• Automate security scans (SAST, DAST, SCA, and container scanning) and enforce policy compliance
• Conduct threat modeling, vulnerability management, and risk assessments
• Collaborate with DevOps and development teams to remediate security issues
• Establish and promote DevSecOps best practices, training, and documentation
• Ensure compliance with security standards and regulations (e.g., ISO 27001, SOC 2, and GDPR)
• Lead incident response and forensics processes when needed

Qualifications

• 5+ years of experience in DevSecOps, cloud security, or related roles
• Strong knowledge of CI/CD tools (e.g., GitLab CI, Jenkins, GitHub, and Actions)
• Proficiency in cloud-native security (AWS/GCP/Azure) and Kubernetes
• Experience with infrastructure-as-code tools (Terraform, CloudFormation, Ansible)
• Deep understanding of application security principles and secure coding practices
• Hands-on experience with automated security tools such as Snyk, Checkmarx, Aqua, etc.
• Scripting skills in Bash, Python, or similar languages

WILL BE A PLUS

• Relevant certifications (e.g., AWS Security Specialty, CISSP, CKS)
• Knowledge of zero-trust architectures, API security, and secrets management
• Familiarity with regulatory frameworks (HIPAA, PCI DSS, etc.)