
Specialist: DevSecOps
- Midrand, Johannesburg
- Permanent
- Full-time
Certified by the Top Employer Institute 2025.

Role Purpose/Business Unit:
The primary purpose of the role is the implementation and continuous improvement of the DevSecOps programme within Vodacom South Africa, ensuring alignment with the Cyber Health and Adaptive Risk Method (CHARM) control 14.2.5-A DevSecOps. In this role you will work within a team of DevSecOps professionals and collaborate with Secure by Design, Security and Enterprise Architecture and DevOps Teams to:
- Implement, operate and continuously improve the DevSecOps Security Chapter and Champions model across technology Development teams to create the cultural shift that will underpin the DevSecOps capability.
- Implement automated scanning tools including SAST, SCA, DAST, and secret scanning and other more advanced security scanning capabilities.
- Establish and maintain AppSec vulnerability management processes, ensuring critical vulnerabilities are identified, reported, evaluated, prioritized and remediated, to continuously improve Vodacom's application security posture.
- Assist with the standardization and security approval of CI/CD toolchains, ensuring all development tools are compliant with policy, SPDA approved and integrated with the ASPM (Application Security Posture Management) tool and DevSecOps processes.
- Implementation and ongoing management and improvement of the Security Chapter and Champions programme across technology teams.
- Ensure every agile DevOps/DevSecOps team has appointed Chapter Leads and Security Champions.
- Collaborate with DevSecOps Specialists and provide guidance to Cyber Security Officers to ensure they support Chapter Leads and Champions effectively.
- Facilitate completion and ongoing re-evaluation of DevSecOps Maturity across DevSecOps teams.
- Drive completion of DevSecOps Learning Pathway for all Chapter Leads and Champions.
- Facilitate monthly Chapter meetings and feedback sessions to track progress and maturity.
- Promote a culture of security awareness and collaboration across teams.
- Track and report on the effectiveness of the Champions model and identify areas for improvement.
- Support the creation and maintenance of training materials and structured learning paths.
- Drive the migration to a standardised CI/CD pipeline using an Enterprise selected and security approved toolset in collaboration with Enterprise Architecture and Platform Engineering.
- Discover, identify and record all DevSecOps tooling being used by Development Teams across the organisation.
- Maintain an inventory of tools used across teams and ensure compliance with security policies.
- Collaborate with Platform Engineering, Enterprise Architecture, Cybersecurity and Development Teams to embed security controls in the pipeline and design secure SDLC patterns.
- Support the implementation of SPDA-approved software applications and extensions.
- Identified and discovered DevSecOps tooling should be integrated with ASPM tooling and channelled through SPDA where applicable, or retired so that teams move to approved tooling.
- Ensure security assessments are passed to and conducted by Secure by Design on CI/CD pipelines to meet CHARM 14.2.5-A requirements.
- Provide guidance on secure tool usage and integration across development environments.
- Assist with the implementation of automated scanning tools including SAST, SCA, DAST, and secret scanning.
- Support the rollout of scanning capabilities and ensure coverage across all teams.
- Collaborate with teams to define and implement vulnerability management processes.
- Develop and maintain real-time/near real-time vulnerability dashboards.
- Work with Chapter Leads and Champions to continuously improve security posture and maturity.
- Align vulnerability remediation with DevSecOps maturity to target a state where critical and high vulnerabilities are remediated prior to code release into production environments.
- Track vulnerability debt and ensure reduction targets are met.
- 3-year Technical Diploma/Degree in Information Security, Computer Science or Engineering
- Minimum of 3-5 years of experience in a Cyber Security role
- Knowledge of common information technology management / compliance frameworks such as ISO/IEC 27001, NIST CSF, ISF, PCI DSS, OWASP, SANS etc.
- A deep understanding of Technology Security risks and mitigating solutions
- A diverse security background with knowledge and experience in three or more of the Security Domains including: Security Assessment and Testing; Software Development Security; Security Governance and Risk Management; Security Architecture and Engineering; Communication and Network Security; Identity and Access Management; Security Operations; Asset Security.
- Specialist experience in either DevSecOps, Application Security, Security Architecture or Offensive Security will be an added advantage.
- Knowledge of operating systems such as Windows and Linux and how to secure them
- Knowledge of and/or experience in creating and managing DevSecOps pipelines practicing CSA, SAST, DAST, and Security as Code will be an added advantage
- Be well-versed in at least one programming language, such as Java, PHP, Python, Ruby, Perl or another, so as to collaborate competently with software engineering teams within the organization to identify and implement opportunities for improvement and automation in the CI/CD pipeline.
- Knowledge of Cloud and container technologies such as AWS/GCP/Azure, Docker, Kubernetes, and how to implement CI/CD pipelines in developer tools such as Gitlab will be an added advantage.
- Knowledge of configuration management tools such as Chef, Puppet, and Ansible will be an added benefit.
- Ability to work under time and resource pressure
- An ability and desire to collaborate and communicate with a broad set of stakeholders.
- A customer-focused, responsive, and transparent attitude
- Enticing incentive programs and competitive benefit packages
- Retirement funds, risk benefits, and medical aid benefits
- Cell phone and data benefits, advantageous fibre connection discounts, and exclusive staff discounts offered in collaboration with partner companies
Vodacom is committed to an organisational culture that recognises, appreciates, and values diversity & inclusion.

Commitment from Vodacom
Vodacom is committed to attracting, developing and retaining the very best people by offering a flexible, motivating and inclusive workplace in which talent is truly recognized, developed and rewarded. We believe that diversity plays an important role in the success of our business and we are committed to creating an inclusive work environment which respects, values, celebrates and makes the most of people’s individual differences - we are not only multinational but multicultural too. At Vodacom you will have access to our excellent flexible benefits programme that you would expect from any global company.