DevSecOps Engineer

Summary

Join Pleo's Security Engineering team as a DevSecOps Engineer to scale and strengthen security practices across cloud infrastructure and CI/CD pipelines. You will define and automate guardrails, support IaC security policy enforcement, identify hardening opportunities in Kubernetes and AWS environments, and collaborate with other teams. The ideal candidate has experience implementing security checks in CI/CD pipelines, knowledge of Kubernetes and AWS security practices, and strong collaboration skills. A pragmatic approach to security and a growth mindset are essential. Pleo offers a supportive environment and opportunities for professional development. The role reports to the Head of Security Engineering.

Requirements

• Comfort with at least one programming language such as Python, TypeScript, Kotlin, or Golang, and a solid foundation in application development
• Experience implementing security checks in CI/CD pipelines, ideally automating them from code to production
• A working knowledge of Kubernetes and AWS security practices, including hardening, configuration, and troubleshooting
• A good grasp of cloud security fundamentals, including how to secure modern architectures (sidecars, microservices, service mesh), and the ability to balance tradeoffs in cost, security, and complexity
• Strong collaboration and communication skills – you’re keen to work closely with engineers, not just write policies
• A pragmatic approach to security – you understand where to introduce the right level of friction to enable rather than block
• A growth mindset – you're always learning and willing to tackle areas you’re not yet an expert in

Responsibilities

• Define and automate guardrails across our CI/CD pipelines to promote secure development at scale
• Support Infrastructure as Code (IaC) security policy enforcement and improve auto-remediation workflows
• Identify and address hardening opportunities in our Kubernetes and AWS environments
• Collaborate with DevX and SRE teams to embed security into developer tooling and day-to-day workflows
• Provide security input and coaching across engineering as part of cross-functional initiatives

Preferred Qualifications

• Proficiency in Java or Kotlin and experience securing applications running on the JVM
• Familiarity with regulatory requirements like PCI DSS, GDPR, or PSD2, especially around areas like network segmentation and authorisation models

Benefits

• Your own Pleo card (no more out-of-pocket spending!)
• Lunch is on us – with catering in our Lisbon, Copenhagen and London offices, or a monthly lunch allowance paid directly with your salary 🍜
• Comprehensive private healthcare – depending on your location, coverage options include Vitality, Alan or Médis [Remove for Germany]
• We offer 25 days of holiday + your public holidays
• Option to purchase 5 additional days of holiday through a salary sacrifice
• Wellbeing days – fully paid days off designed to help you slow down and recharge
• We use MyndUp to give our employees access to free mental health and well-being support with great success so far ❤️‍🩹
• Access to LinkedIn Learning – acquire new skills, stay abreast of industry trends and fuel your personal and professional development continuously
• Paid parental leave – we want to make sure that we're supportive of families and help you feel that you don't have to compromise your family due to work 👶