DevSecOps Engineer | Krakow
DCV Technologies
Kraków
Requirements
- Groovy
- Python
- SLSA
- SBOM
- Docker
- Kubernetes
Job description
Location: Krakow, hybrid 2 days/week

About the Role
We are looking for a hands-on DevSecOps Engineer to own our Jenkins Shared Library ecosystem and secure the end-to-end software supply chain. You will bridge the gap between development, security, and operations—ensuring that CI/CD pipelines are not only fast and reliable but also compliant, auditable, and resistant to modern supply-chain attacks. You will work across multiple technology stacks (JVM, Node.js, Python, containers) and drive the adoption of SLSA, SBOM, and automated security controls.

Key Responsibilities
1. Jenkins Shared Libraries & Pipeline Engineering
- Own, maintain, and evolve the Jenkins Shared Library (Groovy) used by 50+ teams.
- Design reusable, modular pipeline steps for build, test, scan, sign, and deploy.
- Enforce pipeline-as-code standards and versioning for library changes.
2. Secure CI/CD & Supply-Chain Integrity
- Implement SLSA compliance levels and automate SBOM generation (CycloneDX/SPDX).
- Integrate SAST, DAST, and dependency scanning into pipelines (e.g., Snyk, Trivy, OWASP DC).
- Manage artifact signing, provenance, and attestation (Sigstore/cosign, Notary).
- Secure Maven/NPM packaging and dependency management against typosquatting and compromised registries.
3. Automation & Performance
- Optimize build times through parallelization, caching, and incremental builds.
- Automate compliance checks (license, vulnerability, CVE) as part of PR validation.
- Develop Python automation scripts for pipeline orchestration and reporting.
4. Cloud & Container Security
- Work with Kubernetes (EKS/AKS/OpenShift) and container registries.
- Implement admission controllers, image scanning, and runtime security policies.
5. Incident Resolution & Mentorship
- Debug pipeline failures (Jenkins, Groovy, Maven, NPM, Docker).
- Provide root cause analysis and blameless post-mortems.
- Mentor engineers on secure coding and pipeline best practices.

Required Qualifications
- 7+ years overall software or systems engineering experience.
- 3+ years dedicated experience in DevSecOps or CI/CD pipeline engineering.
- Jenkins & Groovy: Deep expertise in writing Jenkins Shared Libraries, pipeline syntax, and configuring Jenkins controllers/agents.
- Programming: Strong Python for automation; familiarity with Maven (Java) and NPM (Node.js) packaging.
- Security: Hands-on experience with SLSA, SBOM generation, software signing, and dependency management.
- Containers: Docker, Kubernetes, and container security scanning.
- SCM: Git (GitFlow, trunk-based), GitHub/GitLab/Bitbucket.

Preferred Qualifications (Nice to Have)
- Experience with audits (ISO 27001, SOC2, FedRAMP, PCI-DSS) and regulated environments (finance, healthcare, govtech).
- Strong ownership mindset – you act as the “last line of defense” for pipeline integrity.
- Certifications: CKS, CISSP, DevSecOps Professional.
- Experience with Sigstore, in-toto, Witness, or Tekton Chains.
- Familiarity with ArgoCD, Vault, Kyverno, OPA.