DevSecOps Engineer – WordPress Security & Compliance

We’re looking for a DevSecOps Engineer who’s obsessed with keeping digital systems secure and stable.

Apply Now

Location

Kathmandu

Education

Bachelor's or equivalent

Experience

5+ years

No.of Vacancies

About the Role

You’ll lead Security, DevOps, and Compliance across our WordPress stack, working with our team to protect high-performing Australian websites. You’ll be key in shaping our cybersecurity posture, automating secure workflows, and ensuring we meet ISO 27001, OAIC, and internal standards.

Key Responsibilities

Security

Drive cybersecurity strategy across WordPress and agency infrastructure.
Perform regular VAPT (Vulnerability Assessment & Penetration Testing).
Conduct routine IT audits, risk assessments, and compliance gap analysis.
Harden WordPress environments against OWASP Top 10 and known threats.
Implement and manage WAFs, IDS/IPS, and malware scanning tools.
Oversee SSL/TLS, DNSSEC, DDoS protection, and encryption standards.
Manage secure access, IAM roles, and enforce least-privilege policies.
Maintain and test incident response and disaster recovery plans.
Monitor plugin vulnerabilities, zero-day threats, and core integrity.
Align all practices to ISO 27001, OAIC, and SOC 2.
Train internal teams on secure coding, data protection, and phishing prevention.

DevOps

Manage infrastructure across WP Engine, Kinsta, and AWS.
Build secure CI/CD pipelines (GitHub Actions or Bitbucket Pipelines).
Automate deployments, updates, and rollback systems.
Monitor uptime, server load, and application performance.
Set up and maintain Cloudflare, caching, and WAF/CDN configs.
Ensure infrastructure scalability, backups, and uptime SLAs.
Work closely with devs to streamline secure dev and release workflows.

Requirements & Must-Have Skills

5+ years in DevSecOps, Security Engineering, or SysAdmin roles.
Strong experience with WordPress, plugin security, and core hardening.
Deep knowledge of cybersecurity tools: WPScan, Burp Suite, Nessus, Sucuri.
Proficient with Linux, AWS, Cloudflare, CI/CD tools, and version control.
Familiar with ISO 27001, OAIC, SOC 2, or NIST frameworks.
Skilled in scripting (Bash, Python) and automation.
Bonus: ISO 27001 internal auditor or implementer certification.

Why Join Us?

Work with people who share your values and standards
Grow both personally and professionally
Positive, supportive, and friendly culture
Build high-quality websites for top Australian clients
Access to cutting-edge technologies and processes
Competitive salary with regular reviews
Breakfast and Lunch provided
Festival bonuses (pro-rata basis)
Access to non-traditional workshops and upskilling
Outdoor meetups, fun, and refreshment activities
And yes… there’s a lovely coffee spot right downstairs ☕