Devsecops Engineer (Brisbane) (Brisbane City)

Reapit – Who are we? Reapit is the original, end‑to‑end business technology provider for estate agencies of all sizes. We have been helping sales and lettings agents build relationships and grow their businesses for more than 25 years. Our technology connects property professionals in Europe, the Middle East, Australia, and New Zealand with buyers, sellers, tenants and landlords to power relationships that change lives. In Australia, Reapit stands as the preferred technology choice among the nation's leading estate agents and agencies, providing leaders with unparalleled tools across sales, property management, client relations and data analytics. What you'll be doing Reporting directly to the Head of DevOps in Australia, you will play a critical role in strengthening and maturing Reapit's cloud security posture. Your work will span security engineering, deep incident response, proactive threat detection and collaboration with global teams. You will work closely with the CISO and Security team to align with Business Security requirements. Security Engineering & Cloud Security
- Write rules (Policy as Code) that automatically block any infrastructure that does not meet company security standards.
- Create scanning templates for DevOps teams to check misconfigurations in Terraform, Jenkins, CDK, etc.
- Conduct ongoing security assessments, configuration reviews and audits of AWS environments to identify vulnerabilities and recommend remediation.
- Implement and maintain cloud security controls aligned to ISO***** , NIST and cloud security best practices.
- Develop security automation tooling, scripts and infrastructure as code processes to streamline security operations such as CI/CD.
- Work in a self‑managing, proactive manner – anticipating security needs, identifying gaps and driving improvements without close supervision. Incident Response & Threat Detection
- Respond to SOC alerts for an outsourced SOC.
- Lead and participate in global incident response activities, including investigation, containment, eradication and recovery.
- Perform advanced log analysis, digital forensics and threat validation using AWS native and third‑party tooling.
- Monitor AWS/Azure and application security alerts, responding quickly and decisively.
- Participate in out‑of‑hours shifts when required (time in lieu given), including early‑morning collaboration with Australia‑based teams and responding to major incidents.
- Document all incident activity clearly and thoroughly in tickets, knowledge bases and post‑incident reports.
- Carry out threat models and review log ingestion and alerting with the SOC.
- Work with the Security team to build playbooks. Security Collaboration & Enablement
- Provide expert guidance and mentorship to development, engineering and operations teams.
- Collaborate across multiple time zones, contributing proactively and reliably to global security initiatives.
- Stay ahead of emerging cloud threats, AWS security tooling and defensive techniques, champion their adoption across the organisation.
- Produce transparent, detailed and structured documentation for tickets, processes, runbooks and security standards. Who we're looking for
- Minimum 5 years of hands‑on experience in DevSecOps within an AWS‑focused environment.
- Strong technical proficiency across AWS services, including IAM, VPC, EC2, S3, RDS, Lambda and core networking concepts.
- Deep, practical experience in incident response – including digital forensics, log analysis, threat detection and handling security incidents end to end.
- Experience with AWS security tooling such as Security Hub, GuardDuty, Detective, CloudTrail, CloudWatch, Inspector and related cloud‑native controls.
- Practical experience with scripting (Python preferred) and Infrastructure as Code tooling such as Terraform.
- Solid understanding of ISO***** , NIST CSF and cloud security best practices.
- AWS Certified Security – Specialty (preferred).
- Exposure to threat intelligence, cloud forensics or advanced SOC workflows.
- Experience working in a global or distributed team. Behaviours & Mindset
- Highly self‑managing, able to take ownership of work, prioritise effectively and drive tasks to completion with minimal oversight.
- Proactive in identifying security gaps, recommending improvements and staying ahead of emerging threats.
- Strong attention to detail, especially in technical execution, documentation and ticketing.
- Excellent communication skills, able to work with both technical and non‑technical teams across multiple time zones.
- Comfortable participating in out‑of‑hours incident response when required. What your impact and success looks like
- Within 1 month: Familiarity with Company Policies and Security Infrastructure; AWS Security Best Practices and business setup; integration into DevOps workflow.
- Within 3 months: Security Incident Handling and Remediation; Security Automation and Tooling; Security Compliance and Auditing; collaboration with Development Teams; POC of SOAR platform complete with Security team.
- Within 6 months: Continuous Improvement Initiatives; Security Incident Management; SOAR platform complete and global rollout initiated. Benefits Flexible Working Policy – you may determine where you work from, whether from home or in the Sydney or Brisbane offices, and how often, with a recommended balanced approach. Equal Employment Opportunity We are committed to Equal Employment Opportunity through attracting and retaining a complementary team of employees and building an inclusive environment for all. #J-18808-Ljbffr Apply on Kit Job: kitjobau.com/job/3rspk3