DevSecOps Engineer

We are seeking an experienced and proactive DevSecOps Engineer to build upon and enhance our cloud security posture and automate our development lifecycle. As a key member of our technical team, your primary responsibility will be to own, manage, and improve our secure infrastructure and CI/CD processes on AWS. You will be a hands-on contributor, expected to work independently on core DevSecOps initiatives while also providing required support for our broader IT administration and cybersecurity functions. This role is ideal for a mid-level professional looking to make a significant impact in a modern, cloud-native environment.

Responsibilities:

Primary Responsibilities – DevSecOps & Cloud Security

• Secure CI/CD pipelines (GitLab CI or similar) with automated testing (SAST, DAST, SCA).
• Build and maintain secure AWS infrastructure using Terraform (IaC).
• Harden Docker environments with image scanning, runtime protection, and secure configs.
• Configure and manage Datadog Cloud SIEM for monitoring, threat hunting, and incident response.
• Drive "security as code" principles with reusable tools and patterns.
• Perform security-focused code reviews and guide developers on remediation.
• Lead security architecture reviews and AWS service hardening (IAM, VPC, EC2, RDS, Lambda, etc.).

Supporting Responsibilities – IT Admin & Cybersecurity

• Maintain our ISO 27001-aligned ISMS using Drata for automation and evidence collection.
• Manage user access and lifecycle via Okta, JumpCloud, and SaaS platforms.
• Provide escalation support for cloud-related IT issues and assist with incident response.
• Contribute to vulnerability management, security awareness, and audit readiness

Skills:

• 3+ years in DevSecOps, Cloud Security, or a similar hands-on technical role.
• Proven experience securing AWS environments (IAM, VPC, GuardDuty, Security Hub, KMS).
• Strong proficiency with Terraform and Infrastructure-as-Code.
• Solid experience with CI/CD tools and integrating security testing.
• Hands-on experience securing Docker workloads.
• Scripting skills in Python, Bash, or PowerShell.
• Familiarity with Datadog for observability and threat detection.
• Deep understanding of secure coding practices and OWASP Top 10.
• Experience supporting ISO 27001 compliance and using tools like Drata.
• Skilled in managing identity providers (Okta, JumpCloud) and SaaS platforms.
• Excellent problem-solving skills and ability to work independently.

About Flip

At Flip, we have a clear vision to create insurance that people love, we're a start-up backed by HCF, Australia's largest not-for-profit health insurer. We specialise in affordable, on-demand, accidental injury cover offering lightning fast protection for common injuries. We operate in Australia and selected countries overseas, allowing users to pay by the day, week, or subscribe monthly. as part of our dynamic team, you'll contribute to reshaping insurance for the young and active demographic.

Culture & Benefits

Wellness and work-life balance

We'll empower you with the necessary skills and tools to support your personal wellbeing journey, ensuring you perform at your best. Our offerings include:

• 50% subsidy on HCF hospital and/or extras cover
• 18 weeks of parental leave for all new parents
• Mental health and wellbeing programs, including workshops, fitness classes, flu vaccinations, skin checks and more
• Discounts on HCF's products, including life, pet and travel Insurance, as well as discounts at Fitness First gyms and on our eyecare products.

Collaboration and inclusivity

We embrace diversity as our strength and are committed to maintaining an inclusive and collaborative work environment. Our workplace is welcoming and safe for all our employees, irrespective of their unique characteristics including age, ethnicity, cultural or spiritual background, gender identity, disability, education and socio-economic status.

Continuous learning and growth

We believe in lifelong learning and provide opportunities for personal and professional development. From workshops to mentorship programs, we encourage your growth and curiosity.

Next steps

If you require any adjustments to assist you in making your application or during the recruitment or onboarding process, please reach out to Talent Acquisition –

to discuss.

We encourage applicants to submit their applications at their earliest convenience, as at HCF, we review applications as they are submitted, and may have filled the role prior to the job closing date.