DevSecOps Security Consultant
Mindbox Sp. z o.o.
⚲ Kraków
30 000–36 000 PLN net (+ VAT) / month
Requirements
- AWS
- Google Cloud Platform
- Microsoft Azure
- Kubernetes
Job description
Our requirements:
- Proven experience in Cybersecurity within large, regulated organizations.
- Deep understanding of CI/CD systems, build tools, artifact repositories, runtime environments, and developer tools.
- Advanced knowledge of DevSecOps practices, including pipeline security and automation of security controls.
- Experience in threat modeling, platform-level security assessments, and security gap remediation.
- Familiarity with cryptography, vulnerability management, and application/network security.
- Leadership & Influence: Strong skills in stakeholder management and driving alignment across distributed technology teams. Ability to articulate technical risk in business language.

Nice to have:
- Certifications such as CISSP, CISM, CCSP, CCSK.
- Knowledge of Cloud Security (AWS, GCP, Azure) and container orchestration (Kubernetes).
- Experience with supply chain security frameworks (SLSA, SBOM) and secure developer tooling.

About the project:
Are you passionate about cybersecurity, engineering excellence, and DevSecOps practices? We are looking for an experienced DevSecOps Security Consultant to shape the security posture of engineering platforms at one of the world’s leading financial institutions. This is your opportunity to define scalable security frameworks, uplift maturity across CI/CD platforms, and enable secure digital delivery at enterprise scale. Sounds like your kind of challenge?

Responsibilities:

Framework & Assessment:
- Develop an Engineering-Platform Cybersecurity Maturity Framework for standardized assessments.
- Conduct security assessments of CI/CD pipelines, runtime environments, build infrastructures, and developer tools against the framework.
- Perform threat modeling, gap analysis, and identify systemic vulnerabilities impacting code integrity and workload security.

Engineering Platform Security Enablement:
- Define and enforce secure architecture patterns, policy-as-code, and automated security controls.
- Partner with platform owners to remediate critical gaps and implement scalable solutions for secure artifact integrity, access management, and configuration hardening.
- Integrate vulnerability management, SBOM generation, provenance, and code-signing into DevOps workflows.

Strategic Roadmap:
- Build security roadmaps balancing quick wins and long-term improvements.
- Prioritize initiatives based on business risk and compliance requirements.

Governance & Stakeholder Management:
- Serve as a trusted cybersecurity advisor to platform owners, engineering teams, and senior leadership.
- Influence adoption of secure engineering practices across federated teams.

Continuous Improvement:
- Track maturity metrics and drive measurable security improvements.
- Evolve frameworks based on emerging threats, technology shifts, and regulatory changes.

Note: Detailed project information will be shared during the recruitment process.

We offer:
- Flexible cooperation model – choose the form that suits you best (B2B, employment contract, etc.)
- Hybrid work setup – 6 days a month from the office in Kraków
- Collaborative team culture – work alongside experienced professionals eager to share knowledge
- Continuous development – access to training platforms and growth opportunities
- Comprehensive benefits – including Interpolska Health Care, Multisport card, Warta Insurance, and more
- High quality equipment – laptop and essential software provided