DevSecOps Engineer (Mid‑Senior)

About the role

We are looking for an experienced DevSecOps Engineer to build and operate secure, reliable platforms in a regulated environment. The role focuses on AWS infrastructure, CI/CD pipelines, and compliance for our clinical trial supply chain software.

Key responsibilities

• Operate and evolve AWS infrastructure (ECS/Fargate, RDS PostgreSQL, S3, IAM, KMS, Secrets Manager, CloudWatch, VPC, CloudFront/WAF) ensuring reliability, security and cost efficiency.
• Own and improve CI/CD pipelines using Bitbucket Pipelines and AWS CodePipeline for Python/Django backend and React front‑end, including image build, signing, scanning and progressive deployments.
• Manage end‑to‑end security posture: identity and access, secrets, network and application security, vulnerability and patch management, dependency and container scanning, SBOMs and incident response.
• Lead compliance initiatives (GDPR, ISO 27001, SOC 2, GxP/21 CFR Part 11) by designing controls, collecting evidence and interfacing with auditors.
• Implement observability, alerting and service‑level objectives to detect issues before customers are impacted.
• Plan and execute penetration tests, internal audits and customer security reviews, translating findings into actionable improvements.
• Collaborate with engineering leadership to embed security and compliance into the development lifecycle.

Required profile

• Strong experience with AWS services and infrastructure‑as‑code.
• Proven track record building and maintaining CI/CD pipelines for Python/Django and React applications.
• Familiarity with security best practices, vulnerability scanning and incident response.
• Ability to work in a regulated environment and understand compliance frameworks (ISO 27001, SOC 2, GxP, GDPR) – willingness to ramp up if needed.
• Proactive attitude, ownership mindset and eagerness to learn and innovate.

Required skills

• AWS (ECS/Fargate, RDS PostgreSQL, S3, IAM, KMS, Secrets Manager, CloudWatch, VPC, CloudFront, WAF)
• Python
• Django
• React
• Bitbucket Pipelines
• AWS CodePipeline
• CI/CD pipeline design
• Container image signing and scanning
• Vulnerability and patch management tools
• SBOM generation