Employment Type: Full-Time
NeoXam (NeoXam Company Profile) is a leading financial software company delivering cutting-edge solutions for data management, portfolio management, and regulatory compliance. With a strong global presence, NeoXam serves over 150 customers in 25 countries, processing more than - 25 trillion worth of assets daily and supporting over 10,000 users.

Committed to client success, NeoXam provides reliable and scalable solutions that help buy- and sell-side players navigate the evolving financial landscape. Backed by 800+ employees, NeoXam is headquartered in Paris with 20 offices worldwide.

Job Overview We are seeking a seasoned DevSecOps Engineer with 7-9 years of hands-on experience in implementing security best practices across DevOps workflows. The ideal candidate will have deep expertise in ISO 27001:2022, SOC 2 Type II audits, and cloud-native security tools. You will play a critical role in integrating security into CI/CD pipelines, managing identity and access, and driving compliance across infrastructure and applications.

Key Responsibilities :

- Manage and integrate authentication mechanisms including Okta, AWS Cognito, OIDC Connect, and OAuth 2.0

- Oversee security patching within release management cycles to ensure regulatory compliance

- Automate security workflows using AWS Security Hub, Inspector, Patch Manager, and EventBridge

- Use Terraform for Infrastructure as Code (IaC) to manage cloud resources securely and efficiently

- AWS key management, AWS secret management

- Cryptography

- Build and maintain automated vulnerability mitigation tasks using AWS CodeBuild

- Lead and support ISO 27001:2022 and SOC 2 Type II compliance initiatives, representing DevOps and IT in audits and assessments

- Conduct monthly internal audits for User Access Management, ensuring adherence to least privilege principles and security policies

- Design and maintain Enterprise Risk Matrices aligned with NIST, ISO, and CIS frameworks

- Develop and implement incident response policies and procedures to enhance organizational security posture

- Create detailed audit reports with actionable insights to support continuous improvement

- Collaborate with cross-functional teams to translate complex security concepts into practical solutions for technical and non-technical stakeholders

Required Skills & Qualifications :

- 7-9 years of experience in DevSecOps, Cloud Security, or IT Compliance

- Experience with identity and access management platforms (Okta, Cognito, etc.)

- Excellent communication and documentation skills

- Ability to work independently and lead security initiatives across teams

- Strong understanding of ISO 27001, SOC 2, NIST, and CIS frameworks

- Hands-on experience with AWS services, especially security tools

- Proficiency in Terraform, CI/CD pipelines, and DevOps automation

Preferred Qualifications

- AWS Security Specialty,

- Certified DevSecOps Professional

- Experience with container security, Kubernetes, or SAST/DAST tools

- Familiarity with SIEM platforms and security orchestration