Devsecops H/F - 75

Who are we?

is a B2B2C insurance company that creates white-label insurance solutions via its Play&Plug® technology platform for more than 80 partners. We provide most of our insurance products through API, and hosts white label insurance solutions via our Play&Plug technology platform.

With a footprint spanning 32 countries and revenue of more than €900 million in 2023, mostly generated outside France, Wakam is the European leader in digital and embedded insurance.

Strongly committed to social responsibility, Wakam is a mission-driven company dedicated to enabling transparent and impactful insurance".

About the Team

Join the Digital Office at Wakam and help revolutionize the insurance industry through innovation and technology.

We are a center of expertise where cutting-edge tools meet strategic thinking. Our teams design, develop, and optimize robust digital solutions that improve efficiency and user experience - all within an Agile, collaborative, and fast-paced environment.

Your Mission

AsDevSecOps, you'll BE responsible for leading and implementing a DevSecOps approach across all teams involved in building and maintaining Wakam's digital assets. Your mission will BE to raise security maturity levels across the organisation, prioritising initiatives based on risk.

Key Responsibilities

Strategy & Assessment
- Conduct a comprehensive assessment of the current security landscape, including AI-based solutions for proactive vulnerability detection.
- Define a clear DevSecOps target and roadmap integrating AI capabilities (e.g., smart automation of controls), in coordination with the architecture committee, and support its implementation.
- Prioritise actions using a global risk-based approach (not limited to security) tailored to the company's context.
- Evaluate and optimise existing architectures based on secure, modular design principles.
- Define performance and reliability metrics for security testing.

Team Enablement
- Provide hands-on support to development and operations teams.
- Align business and technical risk perspectives.
- Train and raise awareness among teams on security best practices and the secure and ethical use of AI (e.g., compliance, bias).
- Foster a DevSecOps and AI-Driven Security culture within the organisation.

Shift-Left Security
- Promote and implement shift-left security practices.
- Initiate, evolve, and monitor early-stage security practices.
- Maximise automation of security controls and tests.
- Design and deploy fast and reliable security test suites.
- Integrate SAST, DAST, and SCA tools into CI/CD pipelines with optimised response times.
- Implement parallel testing strategies and real-time feedback loops.

End-to-End Security Involvement
- Act across the entire value chain (development, deployment, production, monitoring).
- Ensure consistency of DevSecOps practices across all teams.
- Maintain a comprehensive view of risks and opportunities.
- Promote modular architectures and secure patterns (API Gateway, Zero Trust).
- Design resilient systems with clear responsibility segregation and critical component isolation.
- Document data flows and model attack surfaces.

Automation & Tooling
- Automate security testing and code analysis.
- Deploy and configure static and dynamic analysis tools.
- Implement auto-rollback mechanisms and multi-level validation.
- Orchestrate secure deployments.
- Develop custom automation tools where necessary.

Versioning & Configuration Management
- Ensure comprehensive version control : code, infrastructure, security configurations, policies.
- Implement Infrastructure as Code (IaC) with integrated security checks.
- Manage secrets and certificates through dedicated tools (e.g., Vault).

Governance & Compliance
- Conduct regular security audits.
- Ensure compliance with standards and frameworks.
- Maintain application and risk mapping.
- Participate in defining security policies.

Monitoring & Incident Management
- Deploy security monitoring tools.
- Participate in incident response activities.
- Automate anomaly detection and incident response.
- Implement real-time security dashboards.
- Set up smart alerts and automated escalation processes.

Continuous Improvement & Innovation
- Lead a DevSecOps watch and knowledge-sharing practice.
- Evaluate and integrate new DevSecOps technologies and best practices.
- Track AI evolution in cybersecurity (LLMs, ML, anomaly detection).
- Promote innovation and safe experimentation.
- Share best practices and feedback across the community.

Who You Are
- Minimum 7 years in Software Engineering and/or Operations.
- Solid background in software development and Ops.
- Strong experience in application security and SOC environments.
- Hands-on experience in cloud production environments.
- Experience with AI-based security tools (e.g., AI SIEM, behavioural detection) is a plus.

Technical Skills :
- DEVOPS & Automation : CI/CD (Azure DEVOPS, GitHub Actions)
- Containerisation : Docker, Kubernetes
- Infrastructure as Code : Terraform, Ansible
- Cloud Platforms : Azure, AWS
- Scripting Languages : Python, Bash, PowerShell
- Application Security : OWASP, secure coding principles
- Security Tools & Approaches : SAST, DAST, SCA, vulnerability scanners
- AI in Security : Knowledge of ML/LLMs for code analysis or augmented SOC use cases

Security Expertise :
- Strong understanding of security protocols and cryptography
- Familiarity with compliance frameworks
- Hands-on experience with vulnerability scanning tools
- Deep knowledge of infrastructure security best practices

What You Bring
- Strong coaching skills : influence, pedagogy, support
- Excellent communication : able to simplify technical risks
- Technical leadership : able to drive change across teams
- High autonomy and initiative
- Strategic vision with holistic understanding of business and tech challenges
- Ability to adapt to fast-changing environments
- Passionate about AI and cybersecurity with ongoing curiosity

Why Join Wakam?

At Wakam, we're on a mission toreinvent insurance with tech, transparency, and purpose. You'll join a bold, international company where experimentation is encouraged, ideas are valued, and personal growth is supported.
- BE at the heart of tech-led transformation
- Collaborate with passionate experts across disciplines
- Enjoy a culture that promotes ownership, agility, and innovation

Hiring Process

We aim to keep the process transparent, engaging, and efficient. Here's what to expect :
- Interview with Talent Acquisition Partner
- Technical interview with Hiring Manager
- Team interview Case study
- Final Interview with VP & HR Business Partner

Recruitment Agencies :

Wakam has an in-house recruitment team, which focuses on sourcing great candidates directly.Wakam does not accept unsolicited resumes from agency or search firm recruiters.

Fees will not BE paidin the event a candidate submitted by a recruiter without an agreement in place is hired. When we do use agencies, we have a PSL in place, soplease do not contact our managers directly.