Senior DevSecOps Engineer / Security Compliance Engineer
SOFTGENT SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ
Gdańsk, Wrocław
Requirements
- C
- C++
- Veracode
- CycloneDX
- SPDX
- GitHub Actions
- CMake
- Yocto
- Buildroot
- FreeRTOS
- Zephyr
- Bitbucket
- GitLab
Job description
Our requirements:
- Proven experience in product security, DevSecOps, security compliance, or secure software engineering.
- Hands-on experience maintaining and operating a vulnerability register.
- Practical experience implementing security gates before merge or release.
- Strong experience configuring and running SAST tools for C/C++ projects.
- Experience working with Veracode.
- Ability to prepare C/C++ projects for static analysis, including preprocessed source, compiler requirements, and debug symbols.
- Experience interpreting SAST findings, including triage, prioritization, and false-positive handling.
- Practical experience configuring SCA tools and monitoring CVEs in dependencies.
- Experience generating and maintaining SBOMs.
- Working knowledge of CycloneDX and SPDX formats.
- Experience integrating security tools into CI/CD pipelines, including GitHub Actions.
- Strong hands-on experience with GitHub as the main VCS platform.
- Experience designing and maintaining GitHub Actions workflows, including reusable workflows and composite actions.
- Experience migrating repositories from SVN, Bitbucket, GitLab, or similar systems into GitHub.
- Good knowledge of C/C++ in the context of embedded systems.
- Experience with build systems such as CMake, Make, and vendor-specific environments.
- Practical Python skills for automation and tooling.
- Experience with embedded Linux environments such as Yocto, Buildroot, or custom distributions.
- Experience with RTOS-based projects such as FreeRTOS, Zephyr, or similar.
- Experience with bare-metal development environments, including vendor HALs and toolchains such as GCC ARM and IAR.
- Good working knowledge of Linux on PC, including console and bash.
- Ability to work across mixed, complex, and legacy engineering environments.
- Strong communication skills and a collaborative mindset.
- High autonomy and ownership.
- Senior level or above.
About the project:
Together with our partner we are launching a strategic initiative focused on product security, security compliance, and scaling secure engineering practices across a diverse portfolio of products, including embedded and long-lifecycle systems. The project is centered around enabling practical security processes in software delivery, strengthening vulnerability management, integrating security tooling into engineering workflows, and ensuring repositories, build systems, and CI/CD pipelines are prepared for compliance and product security requirements. You will join a dedicated engineering team with high autonomy, a strong ownership culture, and direct impact on technical direction, tooling, and delivery standards.
Responsibilities:
- Build and maintain a centralized vulnerability register with proper traceability and ownership.
- Implement and enforce security gates before merge and release.
- Configure and operate SAST tooling for C/C++ projects, with Veracode as the primary scanning solution. Evaluate alternative tools only where Veracode does not meet technical or operational requirements.
- Prepare C/C++ codebases for static analysis, including preprocessed source, compilation requirements, and debug symbols.
- Interpret SAST results, including triaging, prioritization, and false-positive management.
- Configure SCA tools and monitor CVEs in dependencies, including solutions such as Veracode SCA and yocto-cve-check.
- Generate and maintain SBOMs, including formats such as CycloneDX and SPDX.
- Integrate security tooling such as SAST and SCA into CI/CD pipelines, including GitHub Actions.
- Work with GitHub as the primary version control platform across repositories.
- Design and maintain GitHub Actions workflows, including reusable workflows and composite actions that scale across multiple repositories.
- Support migration of repositories from other VCS platforms such as SVN, Bitbucket, or GitLab into GitHub, including planning, execution, and verification.
- Work with heterogeneous build systems, including CMake, Make, and vendor-specific build environments.
- Support embedded Linux environments such as Yocto, Buildroot, and custom distributions, including build processes, SBOM generation, and CI/CD integration.
- Work with RTOS-based projects such as FreeRTOS, Zephyr, or similar, with an understanding of build systems, dependencies, and toolchains.
- Support bare-metal projects using vendor HALs, toolchains such as GCC ARM or IAR, and related build processes.
- Use Python for automation scripts and supporting engineering tooling.
- Work comfortably in native Linux environments on PC, including console and bash.
- Collaborate closely with development teams and stakeholders, presenting findings in a practical and developer-friendly way.
- Execute end-to-end delivery with a strong sense of ownership.
We offer:
- Full autonomy in shaping tooling, workflows, and engineering standards.
- Work on a high-impact strategic initiative in the area of product security and compliance.
- Exposure to a broad portfolio of products, including embedded and long-lifecycle systems.
- Friendly, engineering-driven culture with a strong focus on ownership.
- Work location in Wrocław or Gdańsk.
- Contract duration: 12–18 months.