Senior DevSecOps Engineer / Security Compliance Engineer / DevOps
SOFTGENT SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ
Location: Gdańsk, Wrocław
160–200 zł / hour (depending on contract type)
Requirements
- C
- C++
- Veracode
- CycloneDX
- SPDX
- GitHub Actions
- CMake
- Yocto
- Buildroot
- FreeRTOS
- Zephyr
- Bitbucket
- GitLab
Job description
Our requirements:
- Proven experience in product security, DevSecOps, security compliance, or secure software engineering.
- Hands-on experience with vulnerability management, including vulnerability registers, security gates, CVE monitoring, SAST/SCA triage, prioritization, and false-positive handling.
- Strong experience with SAST and SCA tools for C/C++ projects, including practical experience with Veracode.
- Practical experience preparing C/C++ codebases for static analysis.
- Experience with SBOM generation and common formats such as CycloneDX and SPDX.
- Experience with CI/CD security integration, preferably using GitHub Actions.
- Strong hands-on experience with GitHub as the main VCS platform, including repository migrations from SVN, Bitbucket, GitLab, or similar systems.
- Good knowledge of C/C++ embedded development, including embedded Linux, RTOS, bare-metal environments, build systems, and toolchains such as CMake, Make, Yocto, Buildroot, FreeRTOS, Zephyr, GCC ARM, IAR, and vendor HALs.
- Practical Python, Linux command line, and Bash skills for automation, tooling, and engineering support.
- Strong communication skills, collaborative mindset, autonomy, ownership, and ability to work across complex or legacy engineering environments.

About the project:
Together with our partner we are launching a strategic initiative focused on product security, security compliance, and scaling secure engineering practices across a diverse portfolio of products, including embedded and long-lifecycle systems. The project is centered around enabling practical security processes in software delivery, strengthening vulnerability management, integrating security tooling into engineering workflows, and ensuring repositories, build systems, and CI/CD pipelines are prepared for compliance and product security requirements. You will join a dedicated engineering team with high autonomy, a strong ownership culture, and direct impact on technical direction, tooling, and delivery standards.

Responsibilities:
- Build and maintain vulnerability management processes, including centralized vulnerability tracking, ownership, traceability, CVE monitoring, triage, prioritization, and false-positive handling.
- Configure and operate SAST and SCA tooling for C/C++ and embedded projects, primarily using Veracode, Veracode SCA, and yocto-cve-check where applicable.
- Prepare C/C++ codebases for static analysis, including preprocessed sources, compilation requirements, and debug symbols.
- Generate and maintain SBOMs using formats such as CycloneDX and SPDX.
- Integrate security tooling and security gates into CI/CD pipelines, primarily using GitHub Actions, reusable workflows, and composite actions.
- Work with GitHub as the primary version control platform and support migrations from SVN, Bitbucket, or GitLab into GitHub.
- Work with heterogeneous embedded environments, build systems, and toolchains, including CMake, Make, Yocto, Buildroot, RTOS, bare-metal projects, GCC ARM, IAR, vendor HALs, and custom build environments.
- Use Python, Linux command line, and Bash for automation and engineering tooling.
- Collaborate closely with development teams and stakeholders, presenting security findings in a practical and developer-friendly way.

We offer:
- Full autonomy in shaping tooling, workflows, and engineering standards.
- Work on a high-impact strategic initiative in the area of product security and compliance.
- Exposure to a broad portfolio of products, including embedded and long-lifecycle systems.
- Friendly, engineering-driven culture with a strong focus on ownership.
- Work location in Wrocław or Gdańsk.
- Contract duration: 12–18 months.