TheProtocol.IT Hybrid Senior

Senior DevSecOps Engineer / Security Compliance Engineer

SOFTGENT SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ

Location: Gdańsk, Wrocław

Requirements

  • C
  • C++
  • Veracode
  • CycloneDX
  • SPDX
  • GitHub Actions
  • CMake
  • Yocto
  • Buildroot
  • FreeRTOS
  • Zephyr
  • Bitbucket (nice to have)
  • GitLab (nice to have)

Job description

Requirements:

  • Proven experience in product security, DevSecOps, security compliance, or secure software engineering.
  • Hands-on experience maintaining and operating a vulnerability register.
  • Practical experience implementing security gates before merge or release.
  • Strong experience configuring and running SAST tools for C/C++ projects.
  • Experience working with Veracode.
  • Ability to prepare C/C++ projects for static analysis, including preprocessed source, compiler requirements, and debug symbols.
  • Experience interpreting SAST findings, including triage, prioritization, and false-positive handling.
  • Practical experience configuring SCA tools and monitoring CVEs in dependencies.
  • Experience generating and maintaining SBOMs.
  • Working knowledge of CycloneDX and SPDX formats.
  • Experience integrating security tools into CI/CD pipelines, including GitHub Actions.
  • Strong hands-on experience with GitHub as the main VCS platform.
  • Experience designing and maintaining GitHub Actions workflows, including reusable workflows and composite actions.
  • Experience migrating repositories from SVN, Bitbucket, GitLab, or similar systems into GitHub.
  • Good knowledge of C/C++ in the context of embedded systems.
  • Experience with build systems such as CMake, Make, and vendor-specific environments.
  • Practical Python skills for automation and tooling.
  • Experience with embedded Linux environments such as Yocto, Buildroot, or custom distributions.
  • Experience with RTOS-based projects such as FreeRTOS, Zephyr, or similar.
  • Experience with bare-metal development environments, including vendor HALs and toolchains such as GCC ARM and IAR.
  • Good working knowledge of Linux on PC, including console and bash.
  • Ability to work across mixed, complex, and legacy engineering environments.
  • Strong communication skills and a collaborative mindset.
  • High autonomy and ownership.
  • Senior level or above.
About the company:

  • Vision: Advancing Global Industries with Tech and Engineering. Our vision is to redefine the landscape of technology, driving progress with innovative solutions and the pinnacle of engineering expertise.
  • Mission: We harness the power of breakthrough technology with confidence and deliver practical, effective solutions. Our commitment to pushing boundaries drives us to provide our clients with innovative products and services at the cutting edge of engineering. Our dedication to excellence and fostering progress creates value through ingenuity with every project we undertake.
  • Values: We deliver cutting-edge, practical solutions with unwavering excellence, driven by our customers' needs and defined by our passion for engineering. Our commitment to integrity, collaboration, and sustainability ensures that every project sets new industry benchmarks and reinforces our confidence in our abilities.

Responsibilities:

  • Build and maintain a centralized vulnerability register with proper traceability and ownership.
  • Implement and enforce security gates before merge and release.
  • Configure and operate SAST tooling for C/C++ projects, with Veracode as the primary scanning solution.
  • Evaluate alternative tools only where Veracode does not meet technical or operational requirements.
  • Prepare C/C++ codebases for static analysis, including preprocessed source, compilation requirements, and debug symbols.
  • Interpret SAST results, including triage, prioritization, and false-positive management.
  • Configure SCA tools and monitor CVEs in dependencies, including solutions such as Veracode SCA and yocto-cve-check.
  • Generate and maintain SBOMs, including formats such as CycloneDX and SPDX.
  • Integrate security tooling such as SAST and SCA into CI/CD pipelines, including GitHub Actions.
  • Work with GitHub as the primary version control platform across repositories.
  • Design and maintain GitHub Actions workflows, including reusable workflows and composite actions that scale across multiple repositories.
  • Support migration of repositories from other VCS platforms such as SVN, Bitbucket, or GitLab into GitHub, including planning, execution, and verification.
  • Work with heterogeneous build systems, including CMake, Make, and vendor-specific build environments.
  • Support embedded Linux environments such as Yocto, Buildroot, and custom distributions, including build processes, SBOM generation, and CI/CD integration.
  • Work with RTOS-based projects such as FreeRTOS, Zephyr, or similar, with an understanding of build systems, dependencies, and toolchains.
  • Support bare-metal projects using vendor HALs, toolchains such as GCC ARM or IAR, and related build processes.
  • Use Python for automation scripts and supporting engineering tooling.
  • Work comfortably in native Linux environments on PC, including console and bash.
  • Collaborate closely with development teams and stakeholders, presenting findings in a practical and developer-friendly way.
  • Execute end-to-end delivery with a strong sense of ownership.

We offer:

  • Full autonomy in shaping tooling, workflows, and engineering standards.
  • Work on a high-impact strategic initiative in the area of product security and compliance.
  • Exposure to a broad portfolio of products, including embedded and long-lifecycle systems.
  • A friendly, engineering-driven culture with a strong focus on ownership.
  • Work location in Wrocław or Gdańsk.
  • Contract duration: 12–18 months.