DevSecOps Engineer

About Us

G Adventures is the world’s largest small-group adventure travel company and we’ve been making epic travel memories happen on all seven continents for over 30 years.
Our mission is simple: to change lives through travel. And not just our travelers’ either. Since day one, our tours have been built to establish meaningful relationships with local communities, directly benefiting the people and places we visit at every step of our tours.
With the demand for travel coming back strong, we are set up and excited for this next chapter in our company’s story — and we’d love for you to be a part of it.
Our DNA revolves around building, nurturing, and developing a diverse culture of people and a true sense of belonging, where everyone is encouraged to bring their authentic self to work each and every day. You’ll have the opportunity to grow your career, and yourself, alongside a passionate, talented, and welcoming community that works hard to spread goodness around the world.
If all that sounds like your kind of thing, well, we can’t wait for you to join us.

About the Role

This role requires a balance of technical expertise, strategic thinking, and collaborative communication to build secure, scalable, and reliable applications. As a DevSecOps Engineer, you will bridge the gap between development, operations, and security, ensuring that security is deeply integrated into every stage of the software lifecycle. You will be responsible for automating security processes, mitigating vulnerabilities, and fostering a security-first mindset within cross-functional teams.

This role requires strong expertise in AWS cloud security, Infrastructure as Code (IaC) principles, and container orchestration. You will be expected to have hands-on experience with Terraform, Terraform Cloud, and Ansible for infrastructure automation and configuration management. Additionally, you will focus on securing containerized environments using Amazon ECS and Kubernetes.

You will work closely with developers to embed secure coding practices, with operations to implement robust infrastructure security, and with leadership to align Information Security  initiatives with organizational objectives. Your work will directly contribute to protecting the organization’s systems, data, and reputation.

This is a hybrid role based out of South Africa, where a minimum number of days as set by the region, is required in the Cape Town office. Before you apply please consider whether this aligns to your location.

What You'll be Doing

Security Integration

• Design, implement, and maintain security practices in CI/CD pipelines to detect and mitigate vulnerabilities early in the development lifecycle.

• Collaborate with development, operations, and security teams to ensure security is integrated into every stage of the SDLC.

• Automate security testing, including static application security testing (SAST), dynamic application security testing (DAST), and software composition analysis (SCA).

• Using AWS Security tools (Guard Duty, Security Hub, Macie etc.) to secure the AWS environment and manage it day-to-day.

Infrastructure Security

• Strengthen the security posture of infrastructure by implementing Infrastructure as Code (IaC) security measures.

• Secure our systems against cyber threats, through detailed analysis of security events, incident response, vulnerability management, risk assessment and policy development.

• Manage and enforce policies for cloud security, container security, and runtime security across platforms like Kubernetes, Amazon ECS and Docker.

• Regularly assess and harden system configurations in compliance with industry best practices and frameworks.

Vulnerability Management

• Perform continuous monitoring and vulnerability scanning to identify security risks in applications and systems.

• Conduct Network and System Vulnerability assessments and documentation of corrective/remediation actions.

• Collaborate with teams to remediate vulnerabilities and manage patch deployments.

Policy and Compliance

• Ensure compliance with relevant standards such as SOC 2, ISO 27001, and PCI DSS by aligning DevSecOps practices with organizational requirements.

• Participate in security audits and assist in generating evidence for regulatory compliance.

Incident Response and Monitoring

• Work cross-functionally with other teams to implement secure systems and respond to cyber threats.

• Develop and monitor automated detection mechanisms to monitor for security threats and incidents.

• Work with the Information Security team to develop playbooks and scripts for responding to incidents.

• Be a part of the security on-call rotation

• Participate in blue-team exercises and tabletop simulations.

Collaboration and Training

• Advocate for security best practices and conduct training sessions for development and operations teams.

• Contribute to the development of security guidelines and documentation to support organizational goals.

Desired Skills & Experience

Requirements

• Bachelor's degree in Computer Science, Cybersecurity, or a related field (or equivalent experience)

• 3+ years of experience in DevOps, security engineering, or software development, with a focus on security.

• 3+ years experience with CI/CD tools such as CircleCI, GitLab CI/CD, Azure DevOps, or GitHub Actions.

• 3+ years experience with Infrastructure as Code (IaC) tools like Terraform and Ansible.

• Hands-on experience with security tools (e.g., Snyk, Wiz, Orca, OWASP ZAP, SonarQube, Checkmarx, etc).

• Expertise in cloud platforms (3+ years), with a strong focus on AWS cloud security (e.g., IAM, security groups, KMS, GuardDuty, Security Hub, and other AWS security services).

• Familiarity with container technologies (e.g., Docker, Kubernetes) and securing containerized workloads.

• Knowledge of scripting and programming languages (e.g., Python, Bash, Go, or Java).

• Understanding of threat modeling and risk assessment techniques.

• Familiarity with logging and monitoring tools such as DataDog, SumoLogic, Splunk, ELK Stack, or Prometheus/Grafana.

Desired Qualifications

• Industry certifications such as AWS Certified Security – Specialty, Certified Kubernetes Administrator (CKA), or Certified DevSecOps Professional.

• Proficiency in managing and securing serverless architectures (e.g., AWS Lambda, Azure Functions).

• Experience with Zero Trust architecture principles and implementation.

• Experience working in Agile and DevOps teams, promoting DevSecOps principles.

• Experience with the following cyber security tools would be an asset: EDR, WAF, SIEM, Log management, SAML/SSO, IAM, integrity verification, web application security testing, network access control, network intrusion prevention & detection, data protection and cloud platform security tools.

• Familiarity with Red Team/Blue Team activities, penetration testing, or ethical hacking techniques.

Key Competencies

• Strong problem-solving skills and attention to detail.

• Excellent communication and collaboration skills to work effectively with cross-functional teams.

• Ability to manage multiple tasks and priorities in a fast-paced environment.

• A passion for security, automation, and innovation.

• Able to explain complex technical solutions to non-technical staff.

• In-depth knowledge of common attack vectors and security vulnerabilities. Be able to explain common controls that can protect against these attacks confidently.

• Understanding of Cyber Security frameworks and technologies: OWASP, MITRE ATT&CK Framework, NIST, CIS, SOC2, ISO27001.

• In-depth knowledge of cloud architecture and design, able to confidently work with AWS, Azure and other cloud providers.

•  Excellent communication skills and the ability to work in a team environment spanning the globe.

What do we offer you?

• Competitive salary commensurate with the role

• Competitive benefits package 

• Birthday day off

• Vacation time for you to recharge

• Enhanced Parental Leave

• Learning and growth opportunities

• Employee Resource Groups

*Applicable based on location*

G Adventures is an equal opportunity employer committed to fostering a diverse and inclusive work environment. We consider all qualified applicants.