Senior DevSecOps Engineer

Warsaw - Poland

Monthly Salary: Not Disclosed

Posted on: Yesterday

Vacancies: 1 Vacancy

Job Summary

Pipeline Security & Automation

Design implement and maintain security testing tools within our CI/CD pipelines (GitLab CI).

Review and tune our deployment : SAST (Static Application Security Testing) DAST (Dynamic AST) and SCA (Software Composition Analysis) tools to catch vulnerabilities before deployment.

Ensure fail-fast mechanisms are in place so developers receive immediate feedback on security regressions.

Threat Modeling & Architecture

Lead Threat Modeling workshops with engineering teams during the design phase of new features.

Advocate for Security by Design principles helping developers understand potential attack vectors and mitigation strategies.

Review Infrastructure as Code (Terraform) templates to ensure secure cloud provisioning.

SIEM & Observability

Review and optimize the current SIEM (Security Information and Event Management) implementation.

Evaluate log ingestion strategies to ensure we are capturing the right data without noise.

Develop and refine correlation rules and alerts to detect anomalies intrusions or policy violations effectively.

Culture & Compliance

Act as a subject matter expert for developers providing guidance on remediation of security findings.

Assist in maintaining compliance with industry standards (e.g. SOC2 ISO 27001 GDPR) through automated controls and evidence gathering

220 zł - 250 zł an hour

Experience: 3-5 years in DevOps Security Engineering or a related field.

Previous background in software development.

Pipeline Proficiency: Strong experience with CI/CD tools (Gitlab CircleCI GitHub Actions) and containerization (Docker/Kubernetes).

Experience with infrastructure as code tooling : Terraform Pulumi CloudFormation

Scripting: Proficiency in Python Go or Bash for automation.

Security Tooling: Hands-on experience implementing tools like Snyk.

SIEM Expertise: Experience managing or configuring SIEM platforms (e.g. Splunk ELK Stack Datadog Security Sumo Logic).

Cloud Security: Solid understanding of AWS security services (IAM VPC GuardDuty Security Hub etc.).

Nice to have :

Experience with Policy as Code tools (e.g. OPA - Open policy agents)

Certifications such as CISSP CCSP or AWS/Azure Security Specialist.

We may use artificial intelligence (AI) tools to support parts of the hiring process such as reviewing applications analyzing resumes or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed please contact us.

Required Experience:

Senior IC

Pipeline Security & AutomationDesign implement and maintain security testing tools within our CI/CD pipelines (GitLab CI). Review and tune our deployment : SAST (Static Application Security Testing) DAST (Dynamic AST) and SCA (Software Composition Analysis) tools to catch vulnerabilities before dep...