DevSecOps Lead

 Posted 4 hours ago
     
5-10 years experience
Apply Now

Please mention DailyRemote when applying

AI Summary

Lead the DevSecOps strategy and roadmap to integrate automated security controls throughout the software-development lifecycle. Partner with engineering and platform teams to secure cloud environments, containers, and delivery pipelines.

Your application and all hiring communication for this role run through the Techy Recruiter team.

About Ajaib

Ajaib is an Indonesian investment platform helping people access and manage investments across stocks, crypto, and U.S. stocks. As the platform continues to grow, protecting our customers, products, and technology is fundamental to maintaining trust.

We’re looking for a DevSecOps Lead to embed security into the way we build, deploy, and operate our technology.

The role

You’ll lead DevSecOps across Ajaib’s engineering and security organisations.

This is a hands-on leadership role focused on making security an integrated and automated part of the software-development lifecycle. You’ll work closely with engineering, platform, infrastructure, application security, cloud, and operations teams to build secure delivery pipelines, strengthen cloud controls, and reduce risk without slowing down releases.

You’ll define the DevSecOps roadmap, improve security automation, and help engineering teams adopt secure practices across applications, infrastructure, containers, and cloud environments.

What you’ll do

  • Define and lead Ajaib’s DevSecOps strategy, roadmap, standards, and operating model

  • Embed security controls throughout the software-development lifecycle

  • Integrate security testing into CI/CD pipelines across applications, services, and infrastructure

  • Implement and improve SAST, DAST, software-composition analysis, secrets detection, container scanning, and infrastructure-as-code scanning

  • Build automated security guardrails that help teams identify and resolve issues early

  • Partner with engineering and platform teams to improve the security of build, deployment, and release processes

  • Strengthen security across cloud environments, containers, Kubernetes, APIs, backend services, and internal platforms

  • Establish secure infrastructure-as-code practices and reusable security patterns

  • Improve identity, access, secrets, keys, and privileged-access controls across engineering environments

  • Define secure configuration baselines for cloud services, containers, workloads, and deployment platforms

  • Automate vulnerability identification, prioritisation, assignment, remediation tracking, and verification

  • Work with application security and engineering teams to reduce false positives and make security findings actionable

  • Support threat modelling, architecture reviews, and security assessments for new systems and platforms

  • Improve logging, monitoring, alerting, and detection across development and production environments

  • Partner with incident-response teams to strengthen readiness, containment, recovery, and post-incident improvements

  • Assess and improve software-supply-chain security, including dependencies, artefacts, build systems, and third-party components

  • Define DevSecOps metrics and provide clear reporting on security coverage, risk, and remediation progress

  • Build security knowledge across engineering teams through documentation, training, tooling, and practical guidance

  • Mentor DevSecOps and security engineers and help grow the function as Ajaib scales

What you bring

  • Strong experience in DevSecOps, cloud security, platform security, security engineering, or infrastructure security

  • Experience leading DevSecOps programmes, technical initiatives, or security-engineering teams

  • Hands-on experience building and securing CI/CD pipelines

  • Strong knowledge of cloud security, containers, Kubernetes, infrastructure as code, and modern software-delivery practices

  • Experience implementing security tools such as SAST, DAST, software-composition analysis, secrets scanning, container scanning, and infrastructure-as-code scanning

  • Strong understanding of software-supply-chain security and secure build practices

  • Experience with cloud platforms such as AWS, Google Cloud, or Azure

  • Experience with tools such as Terraform, Kubernetes, Docker, GitHub Actions, GitLab CI, Jenkins, or similar technologies

  • Ability to write automation and integrations using languages such as Python, Go, Bash, or JavaScript

  • Strong understanding of identity and access management, secrets management, encryption, key management, and privileged access

  • Experience managing vulnerabilities across applications, cloud environments, infrastructure, and third-party components

  • Understanding of secure software-development practices, threat modelling, and application-security principles

  • Ability to translate security requirements into practical engineering controls and automated workflows

  • Strong communication and stakeholder-management skills

  • Strong written and spoken English

Nice to have

  • Previous experience within fintech, banking, brokerage, payments, investment, or cryptocurrency platforms

  • Experience securing high-availability or highly regulated financial systems

  • Familiarity with policy-as-code tools and automated compliance controls

  • Experience with cloud-native security tooling and runtime protection

  • Knowledge of service meshes, microservices, API gateways, and distributed architectures

  • Experience with security-information and event-management platforms and cloud-security monitoring

  • Familiarity with frameworks and standards such as NIST, CIS Benchmarks, ISO 27001, or PCI DSS

  • Experience building a DevSecOps programme in a fast-growing organisation

  • Certifications such as CISSP, CCSP, CSSLP, CKS, AWS Security Specialty, or equivalent

Why join

  • High-impact ownership: shape how security is embedded across Ajaib’s engineering and delivery practices

  • Meaningful technical challenges: secure cloud platforms, CI/CD pipelines, containers, applications, and financial systems

  • Real influence: partner directly with engineering and platform teams to improve how technology is built and operated

  • Security at scale: create automation and guardrails that protect the business as it grows

  • Leadership opportunity: define DevSecOps standards, mentor engineers, and help build a strong security-engineering culture

  • Meaningful mission: help protect customers, investments, personal data, and financial transactions

Notes to Applicants

A few things worth knowing before you apply:

Interviews may include technical, leadership, and DevSecOps scenario discussions. You may be asked to review a delivery pipeline, assess a cloud architecture, design an automated security control, or explain how you would introduce security without slowing down engineering teams.

Please do not include confidential information, customer data, source code, credentials, security findings, or proprietary details from current or previous employers during the interview process.

If you need accommodations at any stage of the recruitment process, please let us know in your application.

About Techy Recruiter
Techy Recruiter is a boutique hiring partner for startups and scaleups across Europe and the Gulf. We run searches end to end and care about a clear, fair process for every person who applies.

Equal opportunity
We assess people on merit. All applicants are welcome regardless of background, and we do not discriminate on any basis protected by law.

Your data
We treat your information as confidential and use it only for this hiring process.

Similar Jobs

See all Remote Software Development jobs →

Personalize your Remote Job Search in 3 Easy Steps!

Discover remote opportunities in Software Development

Answer easy questions

Answer easy questions

200,000+ jobs across 15+ categories

Get your best job matches

Get your best job matches

Only hand-screened, legit jobs

Find a remote job faster

Find a remote job faster

No ads, scams, or junk

I was the first applicant for a remote marketing position that got listed on the company website the same day I applied. Had an interview within 48 hours!

Sarah J. — Sarah J. · Marketing Manager ★★★★★ Verified