DevSecOps Engineer (Jenkins, Python)
Verita HR
⚲ Kraków
29 000 - 34 000 PLN (B2B)
Requirements
- DevSecOps
- Jenkins
- Groovy
- Python
- Helm
- CI/CD Pipelines
- Cloud (nice to have)
Job description
About the project:
📍 Client and contract: leading international bank | B2B
🗣️ Recruitment: phone screen with our recruiter + 2 online meetings with hiring managers
🗺️ Hybrid work: 6 days per month from the office in Cracow

Verita HR is an international company providing recruitment support within the #Fintech, #Finance and #Banking market in EMEA. We connect the most innovative organizations with the best people in the market. We conduct systematic market research, which allows our Digital Teams to be a step ahead of the competition.

We are looking for a highly experienced Senior DevSecOps | CI/CD Engineer to join a platform engineering team. The role focuses on designing, building and maintaining secure, efficient CI/CD pipelines and improving the organization’s software supply-chain security posture. You will work on pipeline optimization, Python tooling, artifact integrity, security scanning and mentoring engineers on DevSecOps best practices.

What's in it for you?
- Prestigious position at one of the world's largest banks
- Stable, long-term projects
- Hybrid work (6 days per month from the office in Cracow) and flexible working hours
- Working with modern IT technologies
- Growth and development opportunities with the possibility to move between projects
- Private healthcare and multisport card
- Referral program, free parking and company events

Requirements:
- 7+ years engineering; 3+ in CI/CD platform or DevSecOps
- Strong Jenkins + Groovy shared library expertise
- Advanced Python automation (JSON/YAML processing, tooling scripts)
- Deep Maven/NPM/Python packaging knowledge; exposure to Helm/Terraform and container image metadata
- Supply-chain security (SLSA, CycloneDX SBOM, digests)
- Experience with SonarQube, Sonatype IQ, container and SAST scanning
- Proven performance tuning (caching, parallelization, dependency pruning)
- Compliance awareness

Nice to have:
- Artifact signing / attestations (cosign, OCI)
- GitOps or release automation experience
- GCP/AWS cloud experience

Daily tasks:
- Design and maintain Groovy pipeline steps (build, test, package, scan, deploy)
- Extend Python tooling for SLSA provenance, SBOM generation, hash/digest accuracy, and security scan aggregation (SonarQube, Sonatype IQ, SAST/Container)
- Optimize performance (parallel builds, caching, scope-reduced BOMs, dependency prefetch)
- Ensure artifact integrity (correct SHA1/SHA256 mapping, reproducible inputs, evidence modeling)
- Refactor legacy scripts (remove global state, consolidate hashing, standardize templates)
- Document ci-config.yaml standards and usage patterns
- Mentor engineers on secure pipeline development and supply-chain practices, troubleshoot and prevent pipeline incidents