DevSecOps Specialist

What if security was embedded in every commit, every build, and every release by design? As a DevSecOps Specialist at Coveo, you’ll make that vision real by integrating security seamlessly into our continuous integration and continuous delivery (CI/CD) pipelines and cloud infrastructure.

You’ll transform security from a checkpoint into an accelerator, building automation and self-service tooling that empower developers to ship confidently. If you’re passionate about scaling secure software delivery in the cloud, this is where you’ll have real impact.

• Design and maintain security automation across CI/CD pipelines, embedding controls and security gates without slowing delivery.
• Build and operate infrastructure-as-code (IaC) pipelines with security built in, managing secrets, identity and access management (IAM) policies, and hardened configurations at scale.
• Integrate and evolve vulnerability management workflows, including static application security testing (SAST), dynamic application security testing (DAST), software composition analysis (SCA), and container scanning.
• Automate compliance checks and policy enforcement across Amazon Web Services (AWS) environments to ensure continuous alignment with security standards.
• Design and maintain access management automation to provision, audit, and monitor access to infrastructure and sensitive resources.
• Partner with engineering and platform teams to make security tooling intuitive, scalable, and developer-friendly, reducing friction across the delivery lifecycle.

• Strong hands-on experience with CI/CD platforms (GitHub Actions, GitLab CI, Jenkins, or similar) and embedding security controls directly into pipelines.
• Proficiency in Python or other scripting languages to build reliable automation and integrations.
• Practical experience securing and automating cloud environments (AWS preferred), including compute, storage, networking, and Kubernetes.
• Deep understanding of DevSecOps toolchains, including container security, secrets management, infrastructure-as-code scanning, dependency analysis, and vulnerability remediation workflows.

• Advanced experience with Terraform for security-focused infrastructure, including IAM roles, encryption keys, and network controls.
• Hands-on experience with Kubernetes security, including role-based access control (RBAC), network policies, admission controllers, or image signing.
• Experience implementing compliance-as-code frameworks such as Open Policy Agent or AWS Config Rules.
• Relevant certifications such as AWS Security Specialty, Certified Kubernetes Security Specialist (CKS), or similar credentials.

Do you think you can bring this role to life? Send us your application, we want to hear from you!

Join the Coveolife!

We encourage all qualified candidates to apply regardless of, for example, age, gender, disability, gaps in CV, national or ethnic background.

This job description was written by humans, assisted by AI. We may leverage technology in our hiring process to help us see the person behind the resume.

Coveo is committed to providing accessible employment practices. If you require accommodation due to a disability at any point during the recruitment process, please contact [email protected] to discuss your needs.