Job Vacancy Senior DevSecOps Engineer

In this role, you will embed security at the heart of our DevOps software development lifecycle, ensuring applications, platforms, and pipelines are secure by design. You will take ownership of security controls across cloud, containerised, and virtualised environments, integrating automated testing and compliance checks that enable teams to deliver at pace without compromising resilience. Working closely with platform and software engineers, you will act as a trusted security partner, translating risk into practical, actionable controls that drive measurable improvement.



You will continuously enhance our DevSecOps capabilities, strengthening vulnerability management, monitoring, and incident response processes. With the backing of experienced colleagues and central security teams, you will contribute ideas, refine tooling, and champion best practice across engineering communities, helping to build a proactive and sustainable security posture.



Key responsibilities:



• Lead & Embed Secure Design: Champion secure-by-design principles across applications, platforms, and CI/CD pipelines.

• Automate & Validate Controls: Integrate SAST, DAST, SCA and policy-as-code into pipelines to ensure continuous security assurance.

• Manage & Mitigate Risk: Identify, triage, prioritise, and track vulnerabilities through to remediation.

• Strengthen Cloud & Platform Security: Secure cloud services, container platforms, IAM, and secrets management using least-privilege models.

• Monitor & Respond: Support security monitoring, logging, alerting, and incident response activities.

• Collaborate & Influence: Partner with engineering and assurance teams to translate security requirements into effective technical solutions.

• Improve & Innovate: Enhance automation, tooling, and processes to reduce risk and drive continuous improvement.

Required qualifications to be successful in this role

To succeed, you will bring strong experience in security engineering or DevSecOps within Agile environments, with a clear understanding of how to embed security throughout the DevOps SDLC. You will combine technical depth in cloud and pipeline security with the ability to communicate risk clearly and influence diverse stakeholders.



You should have:



• Proven experience in Security Engineering, DevSecOps, or DevOps-focused security roles.

• Strong knowledge of vulnerability management and tools such as SAST, DAST, and SCA.

• Experience securing cloud platforms (e.g. Azure), virtualised and containerised environments.

• Familiarity with CI/CD tools (e.g. Azure DevOps, Jenkins) and version control (Git).

• Understanding of Infrastructure as Code (e.g. Terraform, ARM, Bicep) and configuration management.

• Knowledge of security frameworks and threat modelling approaches (e.g. OWASP, CIS, STRIDE).

• Scripting or automation skills (e.g. PowerShell, Bash).

• Experience working in Agile teams using tools such as Jira and Confluence.



#LI-JW1

Together, as owners, let’s turn meaningful insights into action.



Life at CGI is rooted in ownership, teamwork, respect and belonging. Here, you’ll reach your full potential because…



You are invited to be an owner from day 1 as we work together to bring our Dream to life. That’s why we call ourselves CGI Partners rather than employees. We benefit from our collective success and actively shape our company’s strategy and direction.



Your work creates value. You’ll develop innovative solutions and build relationships with teammates and clients while accessing global capabilities to scale your ideas, embrace new opportunities, and benefit from expansive industry and technology expertise.



You’ll shape your career by joining a company built to grow and last. You’ll be supported by leaders who care about your health and well-being and provide you with opportunities to deepen your skills and broaden your horizons.



Come join our team—one of the largest IT and business consulting services firms in the world.