DevSecOps - Remote

🧰Who are we? 

Wakam is a B2B2C insurance company that creates white-label insurance solutions via its Play&Plug® technology platform for more than 80 partners. We provide most of our insurance products through API, and hosts white label insurance solutions via our Play&Plug technology platform.

With a footprint spanning 32 countries and revenue of more than €900 million in 2023, mostly generated outside France, Wakam is the European leader in digital and embedded insurance.

Strongly committed to social responsibility, Wakam is a mission-driven company dedicated to “enabling transparent and impactful insurance".

🚀 About the Team

Join the Digital Office at Wakam and help revolutionize the insurance industry through innovation and technology.

We are a center of expertise where cutting-edge tools meet strategic thinking. Our teams design, develop, and optimize robust digital solutions that improve efficiency and user experience — all within an Agile, collaborative, and fast-paced environment.

🎯 Your Mission

As DevSecOps, you’ll be responsible for leading and implementing a DevSecOps approach across all teams involved in building and maintaining Wakam’s digital assets. Your mission will be to raise security maturity levels across the organisation, prioritising initiatives based on risk.

Key Responsibilities

1. Strategy & Assessment

• Conduct a full assessment of Wakam's current security posture

• Define a clear target state and DevSecOps roadmap with the architecture committee and lead its implementation

• Prioritise initiatives using a risk-based approach tailored to our business context

• Evaluate and optimise current architectures using secure, modular design principles

• Define performance and reliability metrics for security testing

2. Team Enablement

• Support and guide development and operations teams

• Align technical risks with business impacts

• Train and raise awareness on secure development best practices

• Help embed a strong DevSecOps culture across the organisation

3. Shift-Left Security

• Champion and implement early-stage security (shift-left)

• Evolve and govern early security practices

• Maximise automation of security controls and tests

• Design and deploy fast, reliable security test suites

• Integrate SAST, DAST, and SCA into CI/CD pipelines with optimised response times

• Enable parallel testing strategies and real-time feedback loops

4. End-to-End Security Involvement

• Cover the full value chain: development, deployment, production, monitoring

• Ensure consistency of DevSecOps practices across teams

• Maintain a holistic view of risks and opportunities

• Promote modular, secure architectures (e.g. API Gateway, Zero Trust)

• Design resilient systems with clear separation of duties and isolation of critical components

• Document data flows and model attack surfaces

5. Automation & Tooling

• Automate security testing and code analysis

• Deploy and configure static/dynamic analysis tools

• Implement automated rollback mechanisms and multi-level validations

• Orchestrate secure deployments

• Build custom automation tools as needed

6. Versioning & Configuration Management

• Ensure version control across code, infrastructure, security configs, and policies

• Implement Infrastructure as Code (IaC) with built-in security checks

• Manage secrets and certificates via dedicated tools (e.g. Vault)

7. Governance & Compliance

• Conduct regular security audits

• Ensure adherence to relevant standards and compliance frameworks

• Maintain an up-to-date application and risk mapping

• Help define and implement security policies

8. Monitoring & Incident Management

• Deploy and manage security monitoring tools

• Actively participate in security incident response

• Automate anomaly detection and incident response

• Implement real-time dashboards and smart alerting/escalation mechanisms

9. Continuous Improvement & Innovation

• Stay current with DevSecOps trends and technologies

• Evaluate and adopt emerging practices

• Promote controlled experimentation and innovation

• Share best practices and lessons learned across the community

✨ Who You Are

• 7+ years in software engineering and/or operations

• Solid development background (Dev or undefined profile)

• Strong hands-on experience in application and infrastructure security

• Understanding of Cloud-based production environments

• Experience with Security Operations (SOC) is a plus

Technical Skills:

• undefined & Automation: CI/CD (Azure undefined, GitHub Actions)

• Containers: Docker, Kubernetes

• Infrastructure as Code: Terraform, Ansible

• Cloud Platforms: Azure, AWS

• Scripting: python, Bash, PowerShell

• Application Security: OWASP, secure coding practices

• Security Tools: SAST, DAST, SCA, vulnerability scanning

Security Expertise:

• Knowledge of security protocols and cryptography

• Familiarity with compliance frameworks and standards

• Experience using vulnerability scanning and mitigation tools

• Strong infrastructure security practices

🧠 What You Bring

• Strong mentoring, influence, and support skills

• Excellent communicator — able to explain technical risks and concepts clearly

• Proven technical leadership and change management skills

• High autonomy and a proactive, solutions-focused mindset

• 360° vision — ability to balance security, business, and tech needs

• Adaptable and comfortable in a transforming environment

🌟 Why Join Wakam?

At Wakam, we’re on a mission to reinvent insurance with tech, transparency, and purpose. You’ll join a bold, international company where experimentation is encouraged, ideas are valued, and personal growth is supported.

• Be at the heart of tech-led transformation

• Collaborate with passionate experts across disciplines

• Enjoy a culture that promotes ownership, agility, and innovation

• Benefit from flexible working arrangements — hybrid or fully remote within the UK

🏆 Hiring Process 

We aim to keep the process transparent, engaging, and efficient. Here’s what to expect:

1. Interview with Tallent Acquisition Partner

2. Technical interview with Hiring Manager

3. Team interview Case study

4. Final Interview with VP & HR Business Partner

Recruitment Agencies:

Wakam has an in-house recruitment team, which focuses on sourcing great candidates directly. Wakam does not accept unsolicited resumes from agency or search firm recruiters.

Fees will not be paid in the event a candidate submitted by a recruiter without an agreement in place is hired. When we do use agencies, we have a PSL in place, so please do not contact our managers directly.