DevSecOps Engineer (SAST/DAST/Kubernetes)
EmployeeJob Overview
Keyloop bridges the gap between dealers, manufacturers, technology suppliers and car buyers.
We empower car dealers and manufacturers to fully embrace digital transformation. How? By creating innovative technology that makes selling cars better for our customers, and buying and owning cars better for theirs.
We use cutting-edge technology to link our clients’ systems, departments and sites. We provide an open technology platform that’s shaping the industry for the future. We use data to help clients become more efficient, increase profitability and give more customers an amazing experience. Want to be part of it?
Role Summary
The DevSecOps Engineer is responsible for embedding security controls, automation, and guardrails into Keyloop’s CI/CD pipelines and platform engineering practices. This role ensures that security is integrated seamlessly into build, test, and deployment workflows, enabling engineering teams to deliver software rapidly while managing security risk effectively.
The role works closely with platform, DevOps, and application engineering teams to design scalable, automated security solutions aligned with Keyloop’s cloud-first strategy, compliance obligations, and business objectives.
Keyloop bridges the gap between dealers, manufacturers, technology suppliers and car buyers.
We empower car dealers and manufacturers to fully embrace digital transformation. How? By creating innovative technology that makes selling cars better for our customers, and buying and owning cars better for theirs.
We use cutting-edge technology to link our clients’ systems, departments and sites. We provide an open technology platform that’s shaping the industry for the future. We use data to help clients become more efficient, increase profitability and give more customers an amazing experience. Want to be part of it?
Role Summary
The DevSecOps Engineer is responsible for embedding security controls, automation, and guardrails into Keyloop’s CI/CD pipelines and platform engineering practices. This role ensures that security is integrated seamlessly into build, test, and deployment workflows, enabling engineering teams to deliver software rapidly while managing security risk effectively.
The role works closely with platform, DevOps, and application engineering teams to design scalable, automated security solutions aligned with Keyloop’s cloud-first strategy, compliance obligations, and business objectives.
Key Responsibilities
- CI/CD Pipeline Security & Automation
- Design, implement, and maintain secure CI/CD pipeline architectures across multiple technology stacks.
- Integrate security tooling into pipelines, including:
- Static Application Security Testing (SAST)
- Dynamic Application Security Testing (DAST)
- Software Composition Analysis (SCA)
- Container image scanning
- Secrets detection
- Infrastructure-as-Code (IaC) scanning
- Define and enforce pipeline security standards, approval gates, and guardrails using policy-as-code.
- Infrastructure-as-Code & Platform Security
- Implement and maintain security controls for infrastructure-as-code frameworks (e.g., Terraform, CloudFormation).
- Validate infrastructure changes through automated security checks prior to deployment.
- Partner with platform teams to embed security controls into shared services and deployment templates.
- Container & Kubernetes Security
- Enable secure container build, registry, and runtime practices.
- Implement and maintain Kubernetes security controls, including admission control, runtime protections, and network policies.
- Support secure configuration of container orchestration platforms and supporting services.
- Developer Enablement & Remediation Support
- Work closely with engineering teams to triage, prioritise, and remediate pipeline and platform security findings.
- Reduce developer friction by automating security checks and providing clear, actionable feedback within developer workflows.
- Promote secure-by-default patterns and reusable pipeline components.
- Monitoring, Metrics & Continuous Improvement
- Monitor pipeline security posture and effectiveness of automated controls.
- Define and report on metrics such as coverage, failure rates, remediation timelines, and recurring issues.
- Continuously improve automation, tooling, and processes based on lessons learned and threat evolution.
- Incident Support & Assurance
- Support investigation and root cause analysis of incidents related to build, deployment, or platform security.
- Contribute to post-incident reviews and preventative control improvements.
- Support compliance and assurance initiatives, including NIST, ISO/IEC 27001, and SOC 2, by demonstrating automated controls and providing evidence
Essential skillsets
- 5+ years of experience in DevOps, DevSecOps, platform engineering, or security engineering roles.
- Strong hands-on experience with CI/CD platforms and automation tooling.
- Practical experience with infrastructure-as-code technologies.
- Experience securing containerised and Kubernetes-based environments.
- Familiarity with Agile, DevOps, and cloud-native delivery models.
- CI/CD pipeline design and security
- Security automation and policy-as-code
- Infrastructure-as-code security
- Container and Kubernetes security
- Cloud-native security controls
Skills & Competencies
Technical Skills
Why join us?
We’re on a journey to become market leaders in our space – and with that comes some incredible opportunities. Collaborate and learn from industry experts from all over the globe. Work with game-changing products and services. Get the training and support you need to try new things, adapt to quick changes and explore different paths. Join Keyloop and progress your career, your way.
An inclusive environment to thrive
We’re committed to fostering an inclusive work environment. One that respects all dimensions of diversity. We promote an inclusive culture within our business, and we celebrate different employees and lifestyles – not just on key days, but every day.
Be rewarded for your efforts
We believe people should be paid based on their performance so our pay and benefits reflect this and are designed to attract the very best talent. We encourage everyone in our organisation to explore opportunities which enable them to grow their career through investment in their development but equally by working in a culture which fosters support and unbridled collaboration.
Keyloop doesn’t require academic qualifications for this position. We select based on experience and potential, not credentials.
We are also an equal opportunity employer committed to building a diverse and inclusive workforce. We value diversity and encourage candidates of all backgrounds to apply.