Position: Cybersecurity DevOps Engineer - 12 Months Fixed Term role.
Datacom Location: Anywhere in Australia
Security Requirements: AU Citizens and Residents Only
Full Time, 12 Months Fixed-Term Position.
Our Why
Datacom works with organisations and communities across Australia and New Zealand to make a difference in people’s lives and help them to use the power of tech to innovate and grow.
About the Role (Your Why)
As a Cybersecurity DevOps Engineer, you will play a key role in delivering Datacom's cybersecurity uplift programme by embedding security controls into our software development and infrastructure delivery platforms.
Working at the intersection of cybersecurity, software engineering and platform operations, you will design and implement secure-by-default practices across our GitHub ecosystem, CI/CD pipelines, Infrastructure as Code (IaC) platforms and cloud environments.
This role is focused on automation, security engineering and continuous improvement. You will help build the security guardrails that enable development teams to deliver quickly and safely while ensuring compliance with organisational policies and security standards.
You will work closely with developers, architects, platform engineers, system administrators and security specialists to uplift our DevSecOps capabilities, automate compliance activities and improve the security posture of both cloud and on-premises environments.
Our offices are based in Brisbane. We like to bring people together in person when we can, but we are mindful of the benefits of working from home for work/life balance. We therefore leave it to you and the team you join to decide what works best.
What You'll Do
At the moment, as a Cybersecurity DevOps Engineer, you will be focused on:
-
Designing, implementing and improving enterprise DevSecOps practices across development and infrastructure teams
-
Building and maintaining secure CI/CD pipelines that incorporate automated security controls and quality gates
-
Administering and governing GitHub repositories, workflows and security controls
-
Implementing security controls through Infrastructure as Code (IaC) and platform automation
-
Developing and maintaining Policy as Code capabilities to enforce security, compliance and organisational standards
-
Integrating and managing security tooling, including SAST, software composition analysis and vulnerability scanning capabilities
-
Supporting and enhancing our application security platforms, including Aikido and related security tooling
-
Establishing controls to detect, report and remediate configuration drift across cloud and infrastructure environments
-
Implementing software supply chain security controls and secure development practices
-
Designing and delivering automation workflows using tools such as GitHub Actions, n8n and other orchestration platforms
-
Automating security assurance activities including peer review enforcement, repository governance, branch protections and security review processes
-
Supporting developers and delivery teams to adopt secure software development lifecycle (SSDLC) practices
-
Working with security and governance teams to translate security requirements into automated technical controls
-
Participating in architecture reviews, code reviews and solution design activities
-
Supporting cybersecurity governance, risk management and continuous improvement initiatives
-
Contributing to security uplift projects and operational excellence programmes across the organisation
We are an agile organisation and continuously evolve to meet customer, technology and business needs. This means the role will continue to grow alongside our platforms, services and security capabilities.
What You'll Bring
Required Experience
-
5+ years' experience in DevOps, DevSecOps, Platform Engineering, Security Engineering, Site Reliability Engineering or a similar role
-
Bachelor's degree in Cybersecurity, Information Technology, Computer Science, Software Engineering or related discipline
-
Strong understanding of modern DevSecOps principles and secure software development lifecycle (SSDLC) practices
-
Demonstrated experience designing and supporting CI/CD pipelines in enterprise environments
-
Strong experience with GitHub, GitHub Actions and repository governance practices
-
Hands-on experience implementing Infrastructure as Code using technologies such as Terraform, Bicep, CloudFormation or equivalent
-
Experience implementing and maintaining Policy as Code controls and automated compliance frameworks
-
Experience integrating security controls into software delivery pipelines
-
Experience working with application security tooling including SAST, software composition analysis, secret detection and vulnerability management platforms
-
Strong understanding of cloud security principles across Azure, AWS and GCP
-
Experience designing and implementing automation solutions that improve operational efficiency and security outcomes
-
Experience identifying, monitoring and remediating configuration drift across infrastructure environments
-
Strong knowledge of cybersecurity principles, identity security, infrastructure security and cloud security
-
Familiarity with security frameworks including ISO 27001, NIST CSF, ACSC Essential Eight, MITRE ATT&CK and government security frameworks
-
Strong analytical, troubleshooting and problem-solving skills
-
Excellent stakeholder engagement, communication and collaboration skills
-
Ability to mentor team members and promote DevSecOps best practices across engineering teams
-
Commercial awareness with an understanding of project delivery, operational outcomes and continuous improvement
Nice to Have
-
Experience with Aikido or similar application security platforms
-
Experience implementing secure software supply chain programmes
-
Experience with Open Policy Agent (OPA), Azure Policy, HashiCorp Sentinel or equivalent Policy as Code technologies
-
Experience implementing repository governance at scale
-
Experience using automation and orchestration platforms such as n8n, GitHub Actions, Power Automate or similar technologies
-
Experience managing enterprise GitHub environments
-
Experience with software assurance activities including SBOM generation and dependency management
-
Experience within a managed services or Tier 2 service provider environment
-
Cloud certifications from AWS, Microsoft Azure or Google Cloud
-
Security certifications such as CISSP, CISM, CCSP, CSSLP, GCSA or relevant SANS certifications
-
Experience with container security, Kubernetes and cloud-native security controls
Why Join Us Here at Datacom?
Datacom is one of Australia and New Zealand’s largest suppliers of Information Technology professional services. We have managed to maintain a dynamic, agile, small business feel that is often diluted in larger organisations of our size. It's our people that give Datacom its unique culture and energy that you can feel from the moment you meet with us.
We care about our people and provide a range of perks such as social events, chill-out spaces, remote working, flexi-hours and professional development courses to name a few. You’ll have the opportunity to learn, develop your career, connect and bring your true self to work. You will be recognised and valued for your contributions and be able to do your work in a collegial, flat-structured environment.
We operate at the forefront of technology to help Australia and New Zealand’s largest enterprise organisations explore possibilities and solve their greatest challenges, so you will never run out of interesting new challenges and opportunities.
We want Datacom to be an inclusive and welcoming workplace for everyone and take pride in the steps we have taken and continue to take to make our environment fun and friendly, and our people feel supported.
Requirements
Benefits