(Senior) DevSecOps Engineer (all genders)

As a (Senior) DevSecOps Engineer at Deloitte Österreich, your main responsibilities will include defining the software development lifecycle with a focus on security, providing guidance on security for development projects, and creating documentation for security requirements across various types of applications. You’ll work closely with a team of experts, engage in threat modeling, security tests, and help automate existing workflows to enhance development efficiency.

To be eligible for the (Senior) DevSecOps Engineer position at Deloitte Österreich, you should have a degree in Software Engineering or Security Engineering, or equivalent knowledge. Relevant work experience in software development using languages like Java, Python, or C# is required. Familiarity with security and network testing tools, as well as certifications like CSSLP, CISSP, or CISA, will strengthen your application, but we also value talent and willingness to learn.

Absolutely! Deloitte Österreich places a strong emphasis on professional development. As a (Senior) DevSecOps Engineer, you will have access to excellent training programs aimed at helping you reach your career goals. Whether through engaging in exciting projects or attending workshops, we encourage our employees to enhance their skills and knowledge continuously.

At Deloitte Österreich, you’ll thrive in a collaborative and supportive environment. The workplace culture promotes teamwork, innovation, and flexibility, enabling you to balance your work and personal life effectively. With options for remote work and flexible hours, we prioritize the wellbeing of our employees while fostering an atmosphere for growth and learning.

The starting salary for the (Senior) DevSecOps Engineer position at Deloitte Österreich is €46,200 per year. However, your actual compensation will depend on your individual qualifications and relevant work experience. In addition, employees enjoy attractive benefits and additional perks that enhance their overall compensation package.

When answering this question, detail your previous projects where you implemented security practices at various stages of the development lifecycle. Highlight specific techniques you used, such as threat modeling or source code analysis, and discuss the impact these practices had on the success of the project.

Employers appreciate candidates who are proactive about their learning. Share specific resources you follow, such as cyber security blogs, online courses, and conferences. You can also mention any professional networks or groups where you engage with peers.

Discuss the methodologies you practice in your security testing processes, including techniques like vulnerability scanning, penetration testing, or static code analysis. Be prepared to explain why you prefer these methods based on their effectiveness and application in past projects.

Share a specific case where you faced a security breach, detailing your immediate actions to mitigate the situation, how you analyzed the breach, and the preventative measures you put in place afterward to avoid future incidents.

Provide a list of network testing tools you are familiar with, such as Nessus, Wireshark, or others, and briefly explain how you have used them in your previous roles to enhance security and mitigate risks.

Explain your process for developing security policies, including gathering input from stakeholders, aligning policies with industry standards, and ensuring policies are not just theoretical but actionable and enforceable. Your answer should reflect a balanced approach that values collaboration and compliance.

Discuss how you integrate automation into your development and security processes. You can elaborate on the benefits of automating security checks, continuous monitoring, or integrating tools within CI/CD pipelines, reducing manual efforts and increasing efficiency.

Share an anecdote that highlights your ability to collaborate with others on security challenges. Detail how you approached the problem as a team, what roles different team members played, and how your collective effort led to a successful resolution.

Answer this question by discussing current trends and challenges, such as the skills shortage in the cybersecurity field, the evolving nature of threats, or the challenges of integrating security into agile frameworks. This will demonstrate your awareness of the industry's landscape.

Emphasize your communication skills by explaining how you simplify technical jargon into relatable terms. Provide an example of how you've successfully conveyed complex information to decision-makers to help drive understanding and support for security initiatives.