DevOps Engineer (Security-focused / DevSecOps)
⚲ Warszawa
To be agreed
Requirements
- DevOps
- Security
- DevSecOps
- CI/CD
Job description
Tasks
• Design and implement security controls across applications, infrastructure, and cloud environments
• Integrate SAST, DAST, SCA, secret scanning, and container scanning into CI/CD pipelines
• Define and enforce security gates within pipelines
• Harden cloud environments, IAM, and infrastructure configurations
• Manage vulnerability lifecycle (scanning, prioritization, remediation)
• Support incident response, root cause analysis, and post-incident improvements
• Secure containers and Kubernetes environments (RBAC, runtime policies)
• Ensure compliance with standards such as ISO 27001, NIST, SOC 2
Requirements
• At least 3 years of experience in cybersecurity, DevSecOps, or a related role
• Hands-on experience with AppSec tools (SAST, DAST, SCA, secret scanning)
• Experience securing CI/CD pipelines and SDLC processes
• Experience in cloud security and infrastructure hardening
• Knowledge of containers and Kubernetes security
• Ability to work with SIEM, logs, and incident response workflows
• Knowledge of security standards (ISO 27001, NIST, SOC 2)
• Very good command of English (B2+/C1), both written and spoken
Nice to have
• Security certifications (Security+, CISSP, CCSP, CKS)
• Experience with policy-as-code and security automation
• Knowledge of threat modeling and secure architecture
🔍 Job Ad Decoder
🔴
Design and implement security controls across applications, infrastructure, and cloud environments
This means you will be responsible for designing and implementing safeguards at every level, which can be a very broad scope of duties.
🔴
Integrate SAST, DAST, SCA, secret scanning, and container scanning into CI/CD pipelines
This requires not only knowledge of the tools but also the ability to deploy and configure them in practice within existing CI/CD pipelines, which can be time-consuming.
🔴
Define and enforce security gates within pipelines
A hint that you will create and enforce security rules in development processes, which may mean having to persuade other teams to change.
🔴
Support incident response, root cause analysis, and post-incident improvements
This indicates that you will need to respond to security incidents, which may involve working outside standard hours.
🟡
Very good command of English (B2+/C1), both written and spoken
A requirement for a high level of English, which may be a barrier for people who do not feel confident communicating in that language.