DevSecOps Engineer – Shape Secure, Public-Facing Digital Services
Melbourne VIC | Contract | Hybrid or Remote Options
This opportunity is ideal for someone who values ownership, impact and the freedom to influence how secure digital services are built from the ground up.
The organisation is a lean, product-focused startup partnering with government to deliver secure, scalable and user-friendly public-facing technology. Its environment is greenfield, free from legacy constraints, and designed for individuals who thrive with autonomy and want to help establish strong foundations early.
What this role offers:
• The opportunity to define and strengthen the security and compliance posture of a growing tech company
• Influence over architecture, engineering patterns and secure development practices from day one
• Direct impact on how public digital services are built, secured and scaled
• Flexible work arrangements (hybrid or remote)
• A collaborative team culture with minimal bureaucracy and high ownership
• Scope to broaden expertise across DevSecOps, AWS, automation, compliance and secure application design
Where impact is made
Around 60% of this role focuses on raising the security, performance and reliability of a Python Flask application. This includes secure coding, vulnerability remediation, performance optimisation and strengthening API security.
The remaining 40% centres on infrastructure and compliance uplift, including building secure-by-default CI/CD pipelines, automating infrastructure, improving container and IAM practices, and supporting ISO 27001 and SOC 2 audit readiness.
Who will thrive in this role
Someone who enjoys:
• Embedding secure design principles into a greenfield build
• Working across the stack with broad influence rather than narrow ownership
• Leveraging AWS services like Lambda, API Gateway, IAM and S3 to build secure systems
• Automating infrastructure through Terraform or CloudFormation
• Integrating security into CI/CD and containerised workloads
• Supporting audit readiness through platforms such as Vanta
• Creating clarity through documentation and shared understanding
Experience with tools such as Snyk, Aqua, Vault or platforms like Drata/Vanta is beneficial, as are certifications (CISSP, CCSP, AWS Security Specialty). However, curiosity and sound decision-making are valued just as highly.
Why this role matters
This is a chance to influence early decisions that shape the future of secure digital services used by the public. For individuals seeking autonomy, impact and the creative challenge of a greenfield environment, this role offers a rare level of ownership.