Job description
🧰Who are we?
Wakam is a B2B2C insurance company that creates white-label insurance solutions via its Play&Plug® technology platform for more than 80 partners. We provide most of our insurance products through API, and hosts white label insurance solutions via our Play&Plug technology platform.
With a footprint spanning 32 countries and revenue of more than €900 million in 2023, mostly generated outside France, Wakam is the European leader in digital and embedded insurance.
Strongly committed to social responsibility, Wakam is a mission-driven company dedicated to “enabling transparent and impactful insurance”.
🚀 About the Team
Join the Digital Office at Wakam and help revolutionize the insurance industry through innovation and technology.
We are a center of expertise where cutting-edge tools meet strategic thinking. Our teams design, develop, and optimize robust digital solutions that improve efficiency and user experience — all within an Agile, collaborative, and fast-paced environment.
🎯 Your Mission
As DevSecOps, you’ll be responsible for leading and implementing a DevSecOps approach across all teams involved in building and maintaining Wakam’s digital assets. Your mission will be to raise security maturity levels across the organisation, prioritising initiatives based on risk.
Key Responsibilities
1. Strategy & Assessment
Conduct a full assessment of Wakam’s current security posture
Define a clear target state and DevSecOps roadmap with the architecture committee and lead its implementation
Prioritise initiatives using a risk-based approach tailored to our business context
Evaluate and optimise current architectures using secure, modular design principles
Define performance and reliability metrics for security testing
2. Team Enablement
Support and guide development and operations teams
Align technical risks with business impacts
Train and raise awareness on secure development best practices
Help embed a strong DevSecOps culture across the organisation
3. Shift-Left Security
Champion and implement early-stage security (shift-left)
Evolve and govern early security practices
Maximise automation of security controls and tests
Design and deploy fast, reliable security test suites
Integrate SAST, DAST, and SCA into CI/CD pipelines with optimised response times
Enable parallel testing strategies and real-time feedback loops
4. End-to-End Security Involvement
Cover the full value chain: development, deployment, production, monitoring
Ensure consistency of DevSecOps practices across teams
Maintain a holistic view of risks and opportunities
Promote modular, secure architectures (e.g. API Gateway, Zero Trust)
Design resilient systems with clear separation of duties and isolation of critical components
Document data flows and model attack surfaces
5. Automation & Tooling
Automate security testing and code analysis
Deploy and configure static/dynamic analysis tools
Implement automated rollback mechanisms and multi-level validations
Orchestrate secure deployments
Build custom automation tools as needed
6. Versioning & Configuration Management
Ensure version control across code, infrastructure, security configs, and policies
Implement Infrastructure as Code (IaC) with built-in security checks
Manage secrets and certificates via dedicated tools (e.g. Vault)
7. Governance & Compliance
Conduct regular security audits
Ensure adherence to relevant standards and compliance frameworks
Maintain an up-to-date application and risk mapping
Help define and implement security policies
8. Monitoring & Incident Management
Deploy and manage security monitoring tools
Actively participate in security incident response
Automate anomaly detection and incident response
Implement real-time dashboards and smart alerting/escalation mechanisms
9. Continuous Improvement & Innovation
Stay current with DevSecOps trends and technologies
Evaluate and adopt emerging practices
Promote controlled experimentation and innovation
Share best practices and lessons learned across the community
✨ Who You Are
7+ years in software engineering and/or operations
Solid development background (Dev or DevOps profile)
Strong hands-on experience in application and infrastructure security
Understanding of Cloud-based production environments
Experience with Security Operations (SOC) is a plus
Technical Skills:
DevOps & Automation: CI/CD (Azure DevOps, GitHub Actions)
Containers: Docker, Kubernetes
Infrastructure as Code: Terraform, Ansible
Cloud Platforms: Azure, AWS
Scripting: Python, Bash, PowerShell
Application Security: OWASP, secure coding practices
Security Tools: SAST, DAST, SCA, vulnerability scanning
Security Expertise:
Knowledge of security protocols and cryptography
Familiarity with compliance frameworks and standards
Experience using vulnerability scanning and mitigation tools
Strong infrastructure security practices
🧠 What You Bring
Strong mentoring, influence, and support skills
Excellent communicator — able to explain technical risks and concepts clearly
Proven technical leadership and change management skills
High autonomy and a proactive, solutions-focused mindset
360° vision — ability to balance security, business, and tech needs
Adaptable and comfortable in a transforming environment
🌟 Why Join Wakam?
At Wakam, we’re on a mission to reinvent insurance with tech, transparency, and purpose. You’ll join a bold, international company where experimentation is encouraged, ideas are valued, and personal growth is supported.
Be at the heart of tech-led transformation
Collaborate with passionate experts across disciplines
Enjoy a culture that promotes ownership, agility, and innovation
Benefit from flexible working arrangements — hybrid or fully remote within the UK
🏆 Hiring Process
We aim to keep the process transparent, engaging, and efficient. Here’s what to expect:
Interview with Tallent Acquisition Partner
Technical interview with Hiring Manager
Team interview Case study
Final Interview with VP & HR Business Partner
Recruitment Agencies:
Wakam has an in-house recruitment team, which focuses on sourcing great candidates directly. Wakam does not accept unsolicited resumes from agency or search firm recruiters.
Fees will not be paid in the event a candidate submitted by a recruiter without an agreement in place is hired. When we do use agencies, we have a PSL in place, so please do not contact our managers directly.
More About Us
Check out our website to learn about the 11 cultural markers that make Wakam truly special! If you’re adventurous, impact-driven, and ready to shape the future of insurance, we’d love to meet you!
💫 What Makes Us Unique:
• True remote work flexibility with our Wakam From Anywhere (WFA) program - yes, we even have a teammate working from a sailboat! ⛵
• Flat hierarchical system promoting direct impact and autonomy 🚀
• Monthly Free.day: dedicated time for personal growth and skills development 📚
• Lunch voucher with Swile card
• A meaningful company: we became a Mission-driven company in March 2021
• Work alongside passionate experts: who will share their knowledge and help you develop and grow in your career.
At Wakam, our “Free to Impact” culture is built on four essential pillars that shape everything we do :
🗣️ Communication & Knowledge Management
• Foster transparent collaboration across our flat organizational structure
• Share knowledge freely in our highly collaborative environment
• Contribute to our collective intelligence through open dialogue
🔍 Curiosity
• Embrace our monthly Free.day for learning and skills sponsorship
• Think big and challenge conventional insurance norms
• Stay eager to learn and explore new possibilities
🔄 Continuous Improvement
• Take initiative to transform the insurance industry
• Turn challenges into opportunities for innovation
• Constantly evolve our ways of working
🎯 Outcome Oriented
• Focus on impact rather than hierarchy
• Drive results through clear objectives and autonomy
• Transform bold ideas into concrete solutions
At Wakam, we are committed to fostering an inclusive environment where diversity is celebrated. If you require any reasonable adjustments during the recruitment process, please feel free to reach out to your recruiter.
