DevSecOps Engineer

NeoXam is a leading financial software company, delivering solutions and services for 175+ customers in 25 countries worldwide.

NeoXam is committed to its clients’ success: we deliver reliable and scalable solutions, processing more than €25 trillion worth of assets per day and serving over 10,000 users.

Through its combined talents and transparent approach, NeoXam helps buy- and sell-side players address the continuous changes in the financial market industry, to grow and better serve their clients.

NeoXam relies on 8 00 + staff, is headquartered in Paris and has 20 offices across the globe.

NeoXam ( NeoXam Company Profile) is a leading financial software company delivering cutting-edge solutions for data management, portfolio management, and regulatory compliance. With a strong global presence, NeoXam serves over 150 customers in 25 countries, processing more than €25 trillion worth of assets daily and supporting over 10,000 users.

Committed to client success, NeoXam provides reliable and scalable solutions that help buy- and sell-side players navigate the evolving financial landscape. Backed by 800+ employees, NeoXam is headquartered in Paris with 20 offices worldwide.

Job Overview
We are seeking a seasoned DevSecOps Engineer with 6–8 years of hands-on experience in implementing security best practices across DevOps workflows. The ideal candidate will have deep expertise in ISO 27001:2022, SOC 2 Type II audits, and cloud-native security tools. You will play a critical role in integrating security into CI/CD pipelines, managing identity and access, and driving compliance across infrastructure and applications.

Key Responsibilities

• Manage and integrate authentication mechanisms including Okta, AWS Cognito, OIDC Connect, and OAuth 2.0
• Oversee security patching within release management cycles to ensure regulatory compliance
• Automate security workflows using AWS Security Hub, Inspector, Patch Manager, and EventBridge
• Use Terraform for Infrastructure as Code (IaC) to manage cloud resources securely and efficiently
• AWS key management, AWS secret management
• Cryptography
• Build and maintain automated vulnerability mitigation tasks using AWS CodeBuild
• Lead and support ISO 27001:2022 and SOC 2 Type II compliance initiatives, representing DevOps and IT in audits and assessments
• Conduct monthly internal audits for User Access Management, ensuring adherence to least privilege principles and security policies
• Design and maintain Enterprise Risk Matrices aligned with NIST, ISO, and CIS frameworks
• Develop and implement incident response policies and procedures to enhance organizational security posture
• Create detailed audit reports with actionable insights to support continuous improvement
• Collaborate with cross-functional teams to translate complex security concepts into practical solutions for technical and non-technical stakeholders

Required Skills & Qualifications

• 6–8 years of experience in DevSecOps, Cloud Security, or IT Compliance
• Experience with identity and access management platforms (Okta, Cognito, etc.)
• Excellent communication and documentation skills
• Ability to work independently and lead security initiatives across teams
• Strong understanding of ISO 27001, SOC 2, NIST, and CIS frameworks
• Hands-on experience with AWS services, especially security tools
• Proficiency in Terraform, CI/CD pipelines, and DevOps automation

Preferred Qualifications

• AWS Security Specialty,
• Certified DevSecOps Professional
• Experience with container security, Kubernetes, or SAST/DAST tools
• Familiarity with SIEM platforms and security orchestration