We are looking for a hands-on, high-agency Lead DevSecOps Engineer to take ownership of our security infrastructure and drive a proactive security culture at SnapScan. With a team of 53 people, we operate with a startup mentality, prioritising speed, technical excellence, and innovation over bureaucracy.
We are not looking for a manager to oversee vendors; instead, we need a builder. Our current infrastructure is built on a modern, high-performance stack, with the majority of our environment managed as Infrastructure as Code (IaC). You will serve as the primary architect, unifying our defence-in-depth strategy and moving us away from reactive compliance toward proactive system resilience.
This essential role involves an 80/20 split between deep technical architecture and team leadership, and you will receive dedicated mentorship from an Engineering Manager to support your growth in people management.
Key responsibilities:
- Transform Data into Intelligence:
You will turn our SIEM (Security Information and Event Management) platform into our "Security Nerve Centre". You will move us beyond simple log ingestion into Detection Engineering. You will establish intelligent dashboards that baseline normal API behaviour.
- Automate Threat Responses:
You will build systems that trigger automated responses to unusual payloads or Indicators of Compromise (IOCs) matching our Web Application Firewall (WAF), rather than relying on manual alerts for the team to find the next day.
- Build System Resilience:
You will implement a standardised rate-limiting strategy across all new and existing endpoints. You will lead "Chaos Engineering" exercises to simulate heavy loads and DDoS attacks, ensuring our stack can withstand a surge without manual intervention.
- Shift Security Left:
You will integrate insights from our vulnerability management and network intrusion detection systems directly into our CI/CD pipelines. By leveraging our IaC foundation, you will implement Policy-as-Code Security Gates. If a developer introduces a vulnerable configuration or dependency, the build will fail automatically, preventing the risk from ever reaching our production environment.
- Technical Mentorship & SecOps Evolution:
You will see the system as a whole and provide strategic guidance to our existing DevSecOps team members. You will actively mentor junior members to evolve beyond manual PCI audits and traditional GRC (Governance, Risk, and Compliance) tasks, deepening their technical capabilities in proactive SecOps. You will empower our tactical problem solvers to move from being "fixers" to security "innovators".
This job may be for you if:
- You are a team player. You reach out to peers and cooperate with others to establish collaborative working relationships. You understand that flying solo is a limiting and isolating choice and know that making the team look good works far better than creating a one-man/one-woman show.
- You are comfortable working in ambiguity, making decisions with limited information, and iterating rapidly.
- You have a bias for action and the ability to push through roadblocks and maintain progress in a fast-paced, evolving environment.
- You are resilient and can navigate setbacks, pivot strategies, and maintain focus on the security vision.
- You’re level-headed and have the ability to adapt to challenges and make decisions under pressure. When things change, you know how to roll with the punches.
- You are a "CS" fundamentalist: You likely hold a degree in Computer Science or Engineering. You understand how systems work under the hood and value clean, maintainable architecture.
- You are proactive and fast: You don't wait for a ticket.
- You are a cost-conscious architect: You enjoy the challenge of building robust solutions on a budget, utilising open-source software rather than relying on enterprise contracts only.
- You are an ego-less collaborator: You can communicate complex technical concepts to the business, but you are also happy to jump on a call with other Engineering teams to debug an issue.
- You are curious: You stay up to date with the latest developments in the Security and AI landscape and are eager to experiment with new ways to improve our security posture.
You are our ideal candidate if you have:
- A Bachelor's degree in Computer Science, Engineering, or a related technical field.
- 10+ years of hands-on experience in DevSecOps, Cloud Security, or Systems Engineering.
- Deep expertise in managing cloud infrastructure (specifically AWS and Heroku) and deploying Infrastructure as Code (IaC).
- Strong familiarity with AWS networking and compute services, specifically VPCs, EC2 instances, Auto Scaling groups, Load Balancers, CloudFront and ECS for container management.
- Hands-on experience configuring and extracting intelligence from industry-standard security tooling. Experience with our specific toolset, including Sumo Logic, Alert Logic (ThreatManager), Fortra, CrowdStrike, Snyk, Dependabot, and AWS WAF / Cloudflare, will make you a standout candidate.
- A "startup" mindset, demonstrating a willingness to work across the stack, from vulnerability management to engineering a self-healing perimeter.
- Familiarity with our core application stack (Angular/React and Ruby on Rails) is highly advantageous.
The benefits of joining our team:
- A competitive salary
- 30 days of annual leave
- A medical aid contribution/fringe benefit of up to R2 000 per month
- An Apple MacBook and the necessary gear
- A trendy office space (when in the office)
- Discretionary annual bonus
- Lots of opportunities to learn
- Flexible office/remote working - you get to choose whether you want to work remotely or from the office, depending on the importance of critical meetings
- Paid parking (when working from the office)
- 3 Mental health days a year
- The opportunity to be part of a great team and culture!
Do you feel like you would be a good fit? If you’re interested in applying for this role and you meet the necessary requirements, please submit your CV, together with your completed application, on the link below.
