via ats_lever · 24 June 2026 · 5 days ago

Senior DevSecOps Engineer

jobgether
France · Full-time

Accountabilities

  • Design and implement an end-to-end Application & Infrastructure Security operating model, including ownership structures, SLAs, escalation paths, risk acceptance processes, and reporting frameworks.

  • Build and maintain a robust vulnerability management program covering detection, triage, prioritization, remediation tracking, exception handling, and security metrics.

  • Integrate security controls into SDLC and CI/CD pipelines, including SAST, SCA, secret scanning, container and image scanning, SBOM generation, and security quality gates.

  • Strengthen software supply chain security through dependency management, artifact signing, CI/CD hardening, protected branches, and secure release practices.

  • Define and implement cloud security baselines using Infrastructure as Code, including IAM policies, KMS, logging, threat detection, and cloud security monitoring tools.

  • Establish Kubernetes security standards such as Pod Security Policies/Standards, network policies, RBAC reviews, admission control, and runtime security practices.

  • Collaborate with engineering and platform teams to remediate vulnerabilities, reduce false positives, improve secure coding practices, and embed security-by-design principles.

  • Support compliance and audit readiness efforts (including PCI DSS and similar frameworks) by preparing documentation, controls, and security evidence.

  • Automate security workflows and reporting using scripting and engineering tools (Python, Bash, or Go) to improve efficiency and scalability.

  • Continuously improve security tooling, policies, and processes across cloud, application, and infrastructure environments.

Requirements

  • 5+ years of hands-on experience in DevSecOps, Application Security, or Security Engineering roles in production environments.

  • Strong practical experience integrating security tools into CI/CD pipelines (GitLab CI, GitHub Actions, or similar).

  • Expertise with security scanning tools such as SAST, SCA, secret scanning, container/image scanning (e.g., Semgrep, SonarQube, Trivy, Snyk, Grype, Gitleaks or equivalents).

  • Strong understanding of CI/CD security concepts including least privilege access, protected branches/environments, secrets management, CODEOWNERS, and secure runner configurations.

  • Proven experience building vulnerability management processes including triage, prioritization, SLA definition, remediation tracking, and risk acceptance workflows.

  • Deep knowledge of software supply chain security including SBOMs, dependency pinning, artifact signing, provenance, and dependency risk management.

  • Strong cloud security experience, ideally in AWS, including IAM, Security Groups, KMS, CloudTrail, GuardDuty, Security Hub, and network architecture.

  • Hands-on experience with Kubernetes security including RBAC, network policies, admission controllers, audit logging, and runtime security concepts.

  • Experience with Infrastructure as Code security (Terraform preferred) using tools like tfsec, Checkov, or policy-as-code frameworks.

  • Strong automation skills in Python, Bash, or Go for building security tools, pipeline integrations, or reporting systems.

  • Solid understanding of OWASP Top 10, web application vulnerabilities, and secure development practices.

  • Ability to work independently, prioritize effectively, and collaborate closely with engineering, platform, and business stakeholders in a fast-paced environment.

  • Experience in regulated industries such as fintech or gaming is a plus.

Benefits

  • Fully remote work with flexibility to work from anywhere within compatible regions.

  • Competitive compensation package aligned with experience and market standards.

  • 20 paid vacation days plus public holidays and sick leave.

  • Private health insurance and psychological support coverage.

  • Flexible benefits budget for personal use, hobbies, sports, and lifestyle needs.

  • Learning and development budget, including courses, training, workshops, and language programs.

  • Corporate events, team-building activities, and professional development workshops.

  • Flexible working culture focused on autonomy, trust, and work-life balance.

  • Access to modern engineering practices, automation-first workflows, and cutting-edge security tooling.

  • Opportunity to work on high-scale, high-impact systems in a fast-growing product environment.
