Heirs Holdings is an African proprietary investment company, with a track record of success and a firm belief in the opportunities that Africa offers. We are known for executing successful corporate turnarounds, and for our ability to identify growth opportunities, incubate new businesses and nurture them to maturity. As active investors, we aim to transform...
Read more about this company
The DevSecOps Evangelist is the cultural and educational force behind this platform's engineering standards. Where the DevSecOps Engineers build and operate the pipelines, you make sure every engineer across every team understands, embraces, and actively applies the practices those pipelines enforce. You sit across all five delivery lanes — Architect, Develop, Secure, Ship, and Support — and your mandate is to make DevSecOps the instinct, not the instruction. This is a critical, cross-functional role for someone who is as technically credible as they are compelling.
What You'll Do
DevSecOps Culture & Strategy — Own the platform's DevSecOps culture programme — defining what engineering excellence looks like across security, quality, automation, and delivery speed, and building the strategy to embed it across every team. Work with the Platform Manager to align the culture programme with platform delivery goals and make DevSecOps the shared operating philosophy of the entire engineering organisation.
Education & Enablement — Design and deliver a continuous engineering enablement programme — including workshops, onboarding sessions, lunch-and-learns, and hands-on labs — that brings every engineer on the platform up to and beyond the DevSecOps standard. Partner closely with the DevSecOps Engineers to translate technical pipeline controls into accessible, actionable learning. No engineer should ever cite lack of knowledge as the reason a standard was missed.
Standards Stewardship — Own the platform's DevSecOps standards documentation — maintaining it as a living, accessible, and authoritative reference for how engineering is done on this platform. Ensure documentation covers CI/CD pipeline usage, security gate requirements, IaC practices, container standards, secrets handling, and dev container setup. Make it clear, opinionated, and easy to follow.
Pipeline & Tooling Adoption — Drive active adoption of the platform's CI/CD tooling, security gates, AI-powered code review and testing agents, and developer environment standards across all engineering teams and contributors. Identify adoption gaps early, work with the DevSecOps Engineers to remove friction, and track adoption rates to ensure no team is operating outside the standard.
Shift-Left Security Advocacy — Champion the principle that security is everyone's responsibility and belongs at the beginning of every development conversation — not the end. Run targeted security awareness initiatives across engineering teams. Work with the Platform Manager (Security) to translate security requirements into engineering habits, and ensure every contributor understands the security implications of the code they write.
DORA Metrics & Maturity Tracking — Track, baseline, and report on DevSecOps adoption and engineering maturity across the platform — using DORA metrics (deployment frequency, lead time, change failure rate, MTTR) and qualitative signals from team engagement. Identify teams and practices that need targeted support and use data to demonstrate the impact of the culture programme over time.
Community of Practice — Build and run a DevSecOps community of practice across the engineering organisation — creating the forums, rituals, and channels through which engineers share learnings, surface problems, celebrate wins, and continuously raise the standard together. Keep the community active, inclusive, and technically grounded.
Innovation & Emerging Practices — Continuously track the evolving DevSecOps landscape — including AI-assisted development tools, emerging pipeline security standards, supply chain frameworks, and industry best practices. Identify and pilot innovations that could meaningfully raise the platform's engineering standards, and build the case for adoption where the evidence supports it.
Cross-functional Influence — Operate across all five delivery lanes — Architect/Design, Develop, Secure, Ship, and Support — building trust and credibility with every team on the platform. You are not a gatekeeper; you are a force multiplier. Your influence should make the teams around you faster, safer, and more confident in how they build.
Executive Reporting — Report regularly to the Platform Manager on the state of DevSecOps adoption, culture programme progress, maturity trends, and areas of concern. Provide clear, evidence-based narratives that allow leadership to understand where the platform's engineering culture is strong and where focused investment is needed.
What We're Looking For
Must Have
5+ years of experience in software engineering or DevSecOps, with a strong enough technical foundation to teach, guide, and credibly challenge engineers across architecture, cloud, pipelines, and security.
Proven experience driving engineering culture change in a large, complex organisation — shifting mindsets, embedding new practices, and sustaining adoption beyond initial rollout.
Deep familiarity with CI/CD pipelines and DevSecOps tooling — GitHub Actions, Azure DevOps Pipelines, GitLab CI, or Jenkins — and the ability to explain them clearly to engineers at every level of experience.
Strong working knowledge of shift-left security principles and the tooling that enforces them — SAST, DAST, SCA, secrets detection, container scanning (Trivy), and dependency vulnerability management (Snyk).
Excellent communication, facilitation, and teaching skills — you can hold a room, run a workshop, write documentation that people actually read, and make complex technical concepts accessible without oversimplifying them.
Hands-on experience with Infrastructure as Code (Terraform, Ansible, Bash), containerisation (Docker), and cloud-native development practices — you must understand what you are evangelising.
Nice to Have
Experience with DORA metrics, DevOps maturity models, or engineering effectiveness frameworks — and a track record of using data to demonstrate cultural and process improvement.
Familiarity with AI-assisted development and testing tools — including AI code review agents, AI-powered test generation, and their integration into CI/CD pipelines.
Public presence in the DevSecOps or engineering community — conference speaking, technical writing, open-source contributions, or community leadership.
Experience in fintech, banking, or a regulated environment — with an understanding of how compliance requirements shape engineering practice.
AWS and/or Microsoft Azure certification — any track relevant to cloud-native development or DevOps.
What is Executive Recruitment and How Does it Work?In this guide, you'll learn what executive recruitment is, how the executive recruitment process works, why it differs from traditional recruitment, and how organisations can successfully hire executives who drive lasting business growth.
How to Build a Retention Strategy that WorksIn this article, you’ll learn how to build a retention strategy that works and keeps your employees invested in your organisation's success.