Senior DevSecOps Engineer

Xeynergy • Colombo • Full-time

Job Description

About this role

Xeynergy is hiring on behalf of one of our international clients for a Senior DevSecOps Engineer to join a high-performing engineering team. This is a hands-on role focused on owning the full remediation lifecycle of security findings across a modern cloud-native platform built on GCP and Kubernetes.

Key Responsibilities

Security Remediation & VAPT Management

  • Own and manage security findings from third-party VAPT engagements, audits, and compliance assessments through to verified closure.
  • Analyse findings, identify root causes, and coordinate remediation activities with engineering teams.
  • Work directly with external assessors for clarifications, retesting, and sign-off processes.
  • Maintain accurate tracking of findings, severity levels, ownership, remediation status, and closure evidence.

Vulnerability & Scanner Findings Management

  • Remediate findings from cloud posture tools, container scans, SAST/DAST tools, dependency scans, and secret detection platforms.
  • Prioritise remediation based on severity, exploitability, and business impact.
  • Ensure vulnerabilities are fully resolved and validated.

CI/CD & DevSecOps

  • Integrate security controls and automated remediation checks into GitLab CI/CD pipelines.
  • Implement security gates to prevent regression of critical and high-severity vulnerabilities.
  • Continuously improve DevSecOps processes and automation practices.

GCP & Kubernetes Security

  • Remediate security findings related to GCP IAM, cloud configurations, exposed services, and Kubernetes environments.
  • Harden GKE clusters, RBAC policies, pod configurations, and network policies in line with CIS Benchmarks and security best practices.
  • Collaborate with platform teams to improve cloud security posture across environments.

Reporting & Compliance

  • Maintain audit-ready remediation evidence and documentation.
  • Provide regular reporting on remediation progress, SLA adherence, and overall risk posture.
  • Support security and compliance initiatives as required.

Required Skills & Experience

  • Strong hands-on experience with:
      • GCP
      • GKE / Kubernetes
      • GitLab CI/CD
      • Terraform
      • Bash/Shell scripting
  • Experience managing and remediating findings from VAPT engagements and security assessments.
  • Solid understanding of:
      • OWASP Top 10
      • CIS Benchmarks
      • Cloud security best practices
      • IAM and Kubernetes security concepts
  • Experience with vulnerability management, cloud posture management, and container security tools.
  • Ability to work independently and take ownership of remediation activities end-to-end.

Preferred Certifications

  • Google Professional Cloud Security Engineer
  • Certified Kubernetes Security Specialist (CKS)
  • Certified Ethical Hacker (CEH)
  • CompTIA Security+

Why Join?

  • Opportunity to work with an international client on enterprise-scale cloud infrastructure.
  • Exposure to modern DevSecOps and cloud security practices.
  • Collaborative and fast-paced engineering environment.
  • Competitive compensation and long-term growth opportunities.