Senior DevSecOps Engineer

Role title: Senior DevSecOps Engineer
Location: Adelaide, SA (Hybrid)
Engagement: Permanent

DUE TO THE NATURE OF THIS WORK, A MINIMUM ACTIVE NV1 SECURITY CLEARANCE IS REQUIRED.

ROLE PURPOSE
The Senior DevSecOps Engineer will be a key leader in ensuring the secure, efficient, and compliant
development and deployment of software solutions for the enterprise. In this senior role, you will take
ownership of the design, implementation, and continuous improvement of security-driven DevSecOps
practices, overseeing the integration of security measures across the full software development
lifecycle (SDLC) and deployment pipelines.

This role performs diverse complex activities, supports and supervises others, works autonomously
under general direction, and contributes expertise to deliver team objectives. You will work closely with
multidisciplinary teams to ensure that software products meet the highest security standards and
compliance requirements, while optimising operational efficiency. Your role will focus on driving the
adoption of best practices in secure coding, automation, and cloud-native infrastructure within a highly
regulated environment.

ROLE SPECIFIC RESPONSIBILITIES

• Design, implement, and manage CI/CD pipelines with a focus on automation, security, and
• scalability.
• Engage with Software Development teams to embed security best practices throughout the
• software development lifecycle (SDLC).
• Work closely across the enterprise to provide and support infrastructure solutions that meet their
• needs and enable rapid application deployment.
• Manage deployments to containerised orchestration infrastructure with a security-first mindset.
• Implement and manage security tools such as static/dynamic analysis tools (SAST/DAST),
• vulnerability scanners, and intrusion detection systems.
• Utilise monitoring, logging, and alerting systems to ensure platform health and provide insights
• into system behaviour.
• Participate in incident response, including investigation, remediation, and post-mortem analysis.
• Investigate, define, and resolve complex technical issues and document outcomes.
• Coordinate and perform evaluations of options and trade-offs, ensuring alignment with project
• goals and security best-practices
• Plan, schedule, and monitor complex tasks, ensuring alignment with evolving project standards.
• Lead and facilitate reviews of work, providing constructive feedback to improve team output.
• Mentor team members and collaborate effectively with cross-functional teams.
• Lead and participate in team meetings and activities, fostering collaboration and knowledge
• sharing.
• Stay up to date with the latest security trends and technologies, proactively identifying areas for
• improvement in our systems and processes.

ENTERPRISE-WIDE RESPONSIBILITIES

• Collaborate effectively across the teams and enterprise, sharing information and communicating clearly to ensure complex ideas are understood by all audiences.
• Embrace a mindset of continuous improvement and agility, proactively seeking opportunities to innovate, adapting to change, and enhance processes to drive efficiency and effectiveness.
• Demonstrate and live our Consunet values in all interactions, decisions, and work practices.
• Provide appropriate people and / or technical leadership corresponding with seniority / position in a way that demonstrates measurable contribution towards achieving the objectives of the enterprise.
• Deliver against the individual / team objectives as identified in the enterprise business strategy.
• Comply with and promote agreed WHS practices, privacy provisions, agreed codes, policies, and procedures, and conduct work in a respectful, safe and efficient manner.

QUALIFICATIONS AND EXPERIENCE REQUIREMENTS

QUALIFICATIONS
Bachelor’s or Master’s degree in Computer Science, Software Engineering, Information Technology, Cybersecurity, or a related discipline; or equivalent experience.

EXPERIENCE

Essential Requirements

• Willingness to apply for a defence security clearance appropriate for the level of work conducted.
• Solid understanding of Linux/Unix systems, networking concepts, and security principles.
• Strong scripting skills (e.g., Python, Bash) for automation and Infrastructure as Code tools like Ansible and Helm.
• Strong knowledge of container technologies (e.g. Docker and Kubernetes), artifact repositories (e.g. JFrog Artifactory) and container security best practices.
• Experience with software development security tooling (e.g. SonarQube, Grype, JFrog Xray).
• Knowledge of the ASD Essential 8 and ISM and how to apply these.
• Proficiency in building and managing CI/CD pipelines using tools like Jenkins and GitLab CI.
• A strategic mindset for identifying and managing security risks across the SDLC, with an ability to develop risk mitigation strategies that align with enterprise objectives.
• Excellent analytical and problem-solving skills with the ability to troubleshoot complex technical issues.
• Ability to lead and mentor teams of engineers, ensuring the adoption of security best practices and DevSecOps principles.
• Commitment to ongoing professional development and staying current with emerging security threats, technologies, and industry best practices.
• Strong written and verbal communication skills with the ability to explain technical concepts to both technical and non-technical audiences.
• Knowledge of monitoring and observability tools like Prometheus, Grafana, and ELK stack.

Desirable Requirements

• Exposure to other Infrastructure as Code tools (e.g. Terraform, AWS Cloud Foundation
• Knowledge of threat detection tooling (e.g. Zap, Falco)
• Hands-on experience with major cloud platforms (AWS, Azure, GCP) and their security services.
• Experience with service mesh technologies (e.g. Istio).
• Knowledge of serverless computing and event-driven architectures.
• Experience with database administration (e.g. PostgreSQL, Microsoft SQL Server, Oracle, MongoDB)
• Certified DevOps Engineer (AWS or Azure)

We are an inclusive employer committed to fostering a diverse and accessible workplace. We encourage applications from Aboriginal and Torres Strait Islander peoples, people with disabilities, LGBTQIA+ individuals, people of all ages, and those from culturally and linguistically diverse backgrounds.