DevSecOps Engineer


Overview

Vivasoft is looking for a seasoned DevSecOps Engineer to lead the integration of security into our delivery pipelines. This role is critical for governing the CI/CD ecosystem, automating security guardrails, and ensuring software supply chain integrity across complex, multi-environment architectures. You will be a key driver in our mission to “shift left,” working closely with engineering and security teams to build robust, secure-by-default systems for global clients.

Responsibilities:

  • CI/CD Governance: Architect and manage enterprise GitLab environments, including runner optimization, global pipeline templates, and multi-stage promotion strategies.
  • Pipeline Security (Shift Left): Implement and tune automated security gates such as SAST, DAST, secret scanning, and IaC validation for both monorepo and microservice architectures.
  • Supply Chain Security: Manage Nexus OSS repositories and promotion workflows; enforce dependency vulnerability and license compliance management.
  • Secure Standards: Implement “secure by default” practices using SBOM standards (CycloneDX/SPDX) and VEX for vulnerability management.
  • Container & K8s Security: Operate Trivy for continuous scanning across CI pipelines, registries, and Kubernetes clusters.
  • Vulnerability Management: Manage severity thresholds, triage false positives, and provide actionable remediation guidance to development teams.
  • Platform Resilience & Compliance: Administer platform lifecycle operations, including patching, backup/restore drills, and generating automated evidence packs for regulatory audits.

Requirements:

  • Strong knowledge of GitLab CI/CD, runner configuration, and pipeline orchestration.
  • Deep understanding of security scanning tools (Trivy, SonarQube, Snyk, or similar).
  • Practical experience with container security and Kubernetes orchestration.
  • Solid grasp of software supply chain security and artifact management (Nexus/Artifactory).
  • Experience with Infrastructure as Code (IaC) validation and secure configuration management.
  • Strong analytical skills and the ability to bridge the gap between development and security.
  • More than 5 years of relevant experience in DevOps or Security Engineering.

Nice to Have:

  • Certifications such as Certified Kubernetes Security Specialist (CKS) or DevSecOps Professional.
  • Experience with automated compliance-as-code tools.
  • Familiarity with financial sector security standards and regulatory audits.
  • Knowledge of cloud-native security tools in AWS, Azure, or GCP.

What We Offer

  • Opportunity to lead security transformation for high-impact global applications.
  • Collaborative and performance-driven engineering culture.
  • Exposure to modern DevSecOps frameworks and advanced security tooling.
  • Continuous learning and professional development opportunities.
  • Supportive team environment with strong technical ownership.

Job Information:

  • Job Location: Dhaka
  • Job Type: Full-time
  • Number of Vacancies: 1
  • Salary: 120k-150k BDT
  • Application Deadline: 31-03-2026

We are no longer accepting applications for this role.
Thank you for your interest.