DevSecOps Engineer
Mindbox Sp. z o.o.
⚲ Kraków
28 000–33 000 zł net (+ VAT) / month
Requirements
- Jenkins
- Groovy
- Python
- Maven
- NPM
- Helm
- Terraform
- Google Cloud Platform
- AWS
Job description
Our requirements:
- 7+ years of engineering experience; 3+ years in CI/CD platform or DevSecOps
- Strong Jenkins + Groovy shared library expertise
- Advanced Python automation (JSON/YAML processing, tooling scripts)
- Deep knowledge of Maven/NPM/Python packaging; exposure to Helm/Terraform and container image metadata
- Supply-chain security (SLSA, CycloneDX SBOM, digests)
- Experience with SonarQube, Sonatype IQ, container and SAST scanning
- Proven performance tuning (caching, parallelization, dependency pruning)
- Compliance awareness
Nice to have:
- Artifact signing / attestations (cosign, OCI)
- Terraform module and Helm chart publishing patterns
- GitOps or release automation experience
- GCP/AWS cloud experience
About the project:
We are looking for a DevSecOps Engineer to design, build, and operate a Jenkins-based, developer-focused pipeline platform that enables thousands of builds per day across Java, Node.js, Python, and cloud-native workloads. Our Client's mission is to make secure delivery the default and great developer experience the norm. You will own and evolve our Client's Jenkins Shared Library, powering multi-language builds (Java/Maven, Node/NPM, Python, Helm, Terraform, containers). Your work will deliver fast, secure, provenance-rich pipelines (SLSA, SBOM, digests) and strengthen supply chain integrity across teams. Sounds like your kind of challenge?
Responsibilities:
- Design and maintain Groovy pipeline steps (build, test, package, scan, deploy)
- Extend Python tooling for SLSA provenance, SBOM generation, hash/digest accuracy, and security scan aggregation
- Optimize performance (parallel builds, caching, scope-reduced BOMs, dependency prefetch)
- Ensure artifact integrity (correct SHA1/SHA256 mapping, reproducible inputs, evidence modeling)
- Refactor legacy scripts (remove global state, consolidate hashing, standardize templates)
- Document ci-config.yaml standards and usage patterns
- Mentor engineers on secure pipeline development and supply-chain practices
- Troubleshoot and prevent pipeline incidents
Note: Detailed project information will be shared during the recruitment process.
We offer:
- Flexible cooperation model – choose the form that suits you best (B2B, employment contract, etc.)
- Hybrid work setup – 6 days per month in the office (Kraków)
- Collaborative team culture – work alongside experienced professionals eager to share knowledge
- Continuous development – access to training platforms and growth opportunities
- Comprehensive benefits – including Interpolska Health Care, Multisport card, Warta Insurance, and more
- High quality equipment – laptop and essential software provided