DevSecOps Engineer
Yubo is the Social Discovery app to make new friends and hang out online. By eliminating likes and follows, we empower our users to create genuine connections and show up as their true selves.
About This Role:
As a Confirmed DevSecOps Engineer within our Platform Engineering team, you will report to the Head of Platform Engineering and work closely with our Security Lead. Your mission is straightforward: make security part of how we build.
This role is not about manually auditing code all day, it is about industrializing security practices across the organization. You will integrate security directly into CI/CD pipelines, repositories, and developer tooling so that secure by default becomes the norm.
Your Responsibilities:
- Own and improve our code security tooling and automation, including SAST, SCA, and secret detection tools
- Enforce and evolve our DAST stack and contribute to preparing Red Team processes
- Integrate security checks and gates directly into CI/CD pipelines in close partnership with DevOps
- Reduce false positives and improve the overall quality of vulnerability signals, ensuring a positive developer experience
- Investigate alerts from multiple sources, including bug bounty programs, SIEM, and EDR
- Support IAM-related operational needs
- Contribute to the investigation and remediation of code-related vulnerabilities
- Collaborate closely with Backend Engineers to drive the adoption of secure development practices
Who you are:
- You have solid experience in AppSec, DevSecOps, or Pentester roles
- You have hands-on experience integrating SAST, SCA, DAST, and secret scanning into CI/CD pipelines
- You understand containerized environments and modern CI/CD workflows
- You are comfortable with cloud environments, ideally GCP
- You have experience handling security alerts and participating in incident response
- You focus on automation and scalability rather than manual processes
- You value pragmatic solutions over theoretical perfection
