DevSecOps Specialist (regular/senior) (She/He/They)

The Cyber Security team, part of Accenture Security, assists clients in securing hybrid environments and applications at every stage of the software development lifecycle, ensuring that the principles of 'Security by design' and 'Security by default' are followed, thereby integrating security into the DevOps and SDLC process.  

THE WORK: 

• Collaborate with design and development teams to embed security principles from the start of the SDLC, fostering innovation and secure growth. 
• Support migration and transformation projects by integrating security into new technology layers and public cloud environments. 
• Design, develop, and manage CI/CD pipelines, automating security steps to improve efficiency and scalability. 
• Automate security tasks within DevOps processes using tools such as Ansible, Azure DevOps, Jenkins, and GitLab, driving continuous improvement. 
• Conduct security assessments of hybrid solutions and assist teams with securing public cloud environments (Azure, GCP, AWS). 
• Secure public cloud and microservices-based environments, ensuring compliance and resilience. 
• Protect AI-driven applications and systems throughout their entire lifecycle - from design and development to deployment. 
• Perform in-depth security reviews of API designs, source code, and deployment processes to identify and mitigate vulnerabilities. 
• Implement advanced API security platforms and real-time monitoring solutions for continuous protection. 
• Conduct comprehensive threat analyses for applications and propose effective mitigation strategies for identified risks. 
• Act as a trusted advisor to clients, providing expert guidance on secure design principles and emerging trends in cloud and application security. 
• Support clients in advancing their maturity in DevSecOps and Application Security by applying modern methodologies and AI-driven approaches. 
• Design, develop, and evolve CI/CD environments by integrating security tools such as Snyk, Veracode, Checkmarx, Opentext, WIZ, and Argo CD. 

Flexible: The work location for this role may include a mix of working remotely, onsite at a client or in an Accenture office - depending on specific project circumstances.

With all our roles, there is some in-person time for collaboration, learning and building relationships with clients, peers, leaders, and communities. As an employer, we will be as flexible as possible to support your specific work/life needs.

• Permanent employment contract.
• Individual support of a People Lead and a specific path of professional development, as well as the possibility of a session with a Coach.
• A wide training package (soft, technical, and language training offer, access to the e-learning platforms, Gallup test, GenAI training, possibility of co-financing courses, and certification).
• Employee Assistance Program - legal, financial, and psychological consultations.
• Accenture employees eligible for the Employee share purchase plan automatically become eligible for quarterly dividends if they own company shares.
• Paid employee referral program.
• Private medical care, life insurance.
• Access to the Worksmile platform (possibility of using a wide range of products and services, including the Multisport card).

• Solid understanding of cybersecurity concepts or strong motivation to deepen expertise, supported by several years of experience in IT or a DevOps-related role.  
• Hands-on experience with at least one major cloud platform: Azure, GCP, or AWS.  
• Familiarity with web application security principles, including OWASP Top 10, secure coding practices, and common attack methods (XSS, CSRF, SQL Injection), as well as frameworks such as MITRE.  
• Basic knowledge of containerization and container orchestration platforms (e.g., Kubernetes, OpenShift).  
• Practical experience with SAST, DAST, and SCA tools and their integration into CI/CD pipelines, along with understanding of authentication, authorization, and session management (SAML, OAuth, SSO).  
• Knowledge of SSDLC processes, REST API technology, and API Gateway concepts.  
• Knowledge of application and API security principles, covering secure design, development, and deployment practices.  
• Foundational knowledge of AI model architectures, memory context, prompt engineering, and integration with external services.  
• Awareness of AI-related security risks (e.g., prompt injection, data leakage, misuse) and fundamentals of AppSec.  
• Experience conducting security reviews of API designs, source code, and deployments, and implementing API security platforms and monitoring solutions.  
• Ability to integrate security into DevOps pipelines and apply SSDLC principles effectively.  
• Skilled in threat modeling and capable of proposing robust mitigation strategies for identified risks.  
• Curiosity and adaptability to explore emerging technologies, analyze documentation, and rapidly prototype innovative solutions. 

BONUS POINTS IF YOU HAVE: 

• Good knowledge of one of the selected programming languages: Java, .Net, C#, JavaScript, Go and scripting languages such as Python. 
• Ability to build and integrate solutions using Large Language Models (LLMs) such as Azure OpenAI, LangChain, REST APIs, embeddings, and vector databases. 
• Hands-on experience in creating scripts, prototypes, and micro-applications (preferably in VS Code environment). 
• Practical experience of working with DevSecOps tools from vendors like Snyk, WIZ, IriusRisk, CrowdStrike, Aqua Security, Checkmarx, Opentext, Argo CD etc. 

Research indicates that some candidates, especially the most diverse ones, may hesitate to apply for positions if they don't meet all requirements. If you believe you possess the necessary skills, even if not meeting every requirement, we wholeheartedly encourage you to submit your application.