The Role
The DevSecOps Engineer will embed security in product development, enhance threat detection, ensure compliance, and lead team training on secure workflows.
Summary Generated by Built In
About Mistral
At Mistral AI, we believe in the power of AI to simplify tasks, save time, and enhance learning and creativity. Our technology is designed to integrate seamlessly into daily working life.
We democratize AI through high-performance, optimized, open-source and cutting-edge models, products and solutions. Our comprehensive AI platform is designed to meet enterprise needs, whether on-premises or in cloud environments. Our offerings include le Chat, the AI assistant for life and work.
We are a dynamic, collaborative team passionate about AI and its potential to transform society.
Our diverse workforce thrives in competitive environments and is committed to driving innovation. Our teams are distributed between France, USA, UK, Germany and Singapore. We are creative, low-ego and team-spirited.
Join us to be part of a pioneering company shaping the future of AI. Together, we can make a meaningful impact. See more about our culture on https://mistral.ai/careers.
Role Summary
We are seeking experienced DevSecOps Engineers to own and fostering a collaborative, automated, and efficient software development lifecycle. In this role, you will collaborate closely with product engineering teams to ensure consistent code health, accelerate development velocity through well-maintained CI pipelines, faster builds, and secure release processes. Your mission: empowering our software engineering team with seamless workflows while securing our production environments.
Location: Paris 🇫🇷 or London 🇬🇧
Reporting line: SRE Lead
What you will do
As a DevSecOps Engineer, your responsibilities will include (but may not be limited to):
Developer Experience
• Build, monitor, and enhance CI/CD pipelines to streamline development workflows and accelerate deployments.
• Design, operate and maintain scalable, reliable and secure multi-cloud infrastructures
• Identify areas for improvement and create innovative solutions that enable high developer velocity
Full-Lifecycle Security Ownership
• Oversee security from development and deployment to production monitoring.
• Evaluate and map the existing security posture to identify gaps and improvement opportunities.
• Enforce versioning for all artifacts: application code, infrastructure templates, security policies, and configurations.
• Seamlessly integrate static (SAST), dynamic (DAST), and software composition analysis (SCA) tools with minimal latency.
• Implement IaC with baked-in security guards (e.g. Terraform with policy-as-code), manage Kubernetes RBAC, network policies, and pod security to enforce least-privilege access.
• Administer secrets and certificates via centralized tools (e.g., HashiCorp Vault, AWS Secrets Manager).
• Ensure alignment with regulatory and internal security frameworks (e.g., SOC 2, ISO 27001, CIS benchmarks).
Team Collaboration & Advocacy
• Standardize DevSecOps practices to ensure consistency across all engineering teams.
• Establish measurable KPIs for security performance, reliability, and compliance adherence.
• Partner with development and operations teams to embed security into daily workflows.
• Lead training initiatives to upskill teams on secure coding, threat modeling, and incident response.
• Champion a security-first mindset, driving cultural adoption of DevSecOps principles across the organization.
Representative projects
- Improve CI/CD and build systems
- Optimize cloud registries (Docker, Azure, GCP)
- Implement static and dynamic code analysis tool
- Implement automated vulnerability analysis
...
About you
• 5+ years of successful experience in a similar role (DevOps, DevSecOps, Platform, SRE...)
• Strong proficiency in:
- Scripting languages (Go, Python...) and software development best practices.
- Site reliability engineering: root cause analysis, in-production troubleshooting, on-call rotations...
- Infrastructure operation and automation: CI/CD, containerization, orchestration, infra-as-code, monitoring, logging, alerting, observability...
• Exposure to:
- Multi-cloud infrastructures (and ideally on- premise environments)
- Security Tools & Approaches: OWASP, SAST, DAST, SCA, vulnerability scanners
- Regulatory compliance and internal security frameworks (e.g., SOC 2, ISO 27001, CIS benchmarks).
• Proven:
- Problem-solving and communication skills — ability to contextualizing, gauging risks and getting buy-in for high stakes and impactful solutions.
- Ownership, high agency and desire to improve things for others.
- Autonomy, self-drive and ability to work well in a fast-paced startup environment.
- Low ego and team spirit mindset.
Hiring Process
• Intro Call - 30 min
• Tech Culture Interview - 30 min
• Technical Rounds - 3 x 45 min
• Culture-fit Discussion - 30 min
• Reference Calls
Location & Remote
This role is primarily based at one of our European offices (Paris, France and London, UK). We will prioritize candidates who either reside there or are open to relocating. We strongly believe in the value of in-person collaboration to foster strong relationships and seamless communication within our team.
In certain specific situations, we will also consider remote candidates based in one of the countries listed in this job posting — currently France & UK. In that case, we ask all new hires to visit our local office:
• for the first week of their onboarding (accommodation and travelling covered)
• then at least 3 days per month
What we offer
💰 Competitive salary and equity
🧑⚕️ Health insurance
🚴 Transportation allowance
🥎 Sport allowance
🥕 Meal vouchers
💰 Private pension plan
🍼 Parental : Generous parental leave policy
🌎 Visa sponsorship
Top Skills
Aws Secrets Manager
Bash
Ci/Cd
Containerization
Go
Hashicorp Vault
Kubernetes
Orchestration
Python
Terraform
Am I A Good Fit?
Get Personalized Job Insights.
Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.
Success! Refresh the page to see how your skills align with this role.
The Company
What We Do
Fast, open-source and secure language models. Facilitated specialisation of models on business use-cases, leveraging private data and usage feedback.
Built from a world-class team in Europe, targeting global market. Join the team ! https://jobs.lever.co/mistral/
