DevSecOps Service Owner

DevSecOps Service Owner 

Team description:  
We build and maintain the middleware systems that support Toyota’s digital systems and mobility solutions.   
Our work supports multiple applications used for in‑car multimedia services, EV charging platforms, factory digitalization, data‑driven projects and online sales technologies.  
By ensuring continuous service availability and integrating key tools, we enable teams across Europe to develop and operate digital solutions reliably. 
 
Role Summary 
The DevSecOps Service Owner is accountable for the strategy, reliability, security, and continuous improvement of the organization’s DevSecOps platform and services. This role ensures secure-by-design software delivery by embedding security controls, automation, and governance across the SDLC. The Service Owner balances platform reliability, developer experience, risk reduction, and cost efficiency while partnering closely with Engineering, Security, and Operations teams. 
 
Key Responsibilities 
 
Service Ownership & Strategy 
• Own the end-to-end DevSecOps service lifecycle (design, build, run, improve). 
• Define and maintain the DevSecOps service roadmap aligned with business and security priorities. 
• Establish service standards, guardrails, and reference architectures. 
• Ensure the platform scales to support organizational growth and cloud adoption. 
Secure SDLC Enablement 
• Embed security controls into CI/CD pipelines and developer workflows. 
• Drive adoption of secure coding, SAST, DAST, SCA, secrets scanning, and container security. 
• Define and enforce security gates and quality thresholds. 
• Partner with AppSec and Security teams on risk management and remediation workflows. 
Platform Reliability & Operations 
• Ensure high availability, performance, and resilience of DevSecOps tooling and pipelines. 
• Define SLAs/SLOs and monitor service health. 
• Lead incident management and root cause analysis for platform issues. 
• Manage upgrades, capacity planning, and technical debt. 
Governance, Risk & Compliance 
• Ensure DevSecOps processes meet internal security policies and external regulatory requirements. 
• Support audit readiness (e.g., SOX, ISO, SOC2 as applicable). 
• Implement access controls, audit logging, and segregation of duties. 
• Maintain risk register and drive remediation plans. 
Automation & Continuous Improvement 
• Drive pipeline standardization and reusable automation patterns. 
• Reduce manual controls through policy-as-code and infrastructure-as-code. 
• Continuously optimize lead time, deployment frequency, and failure rates. 
• Promote shift-left and shift-right security practices. 
Stakeholder & Service Management 
• Act as the primary service owner and escalation point. 
• Manage service demand, intake, and prioritization. 
• Collaborate with Engineering, Security, Cloud, and Operation teams. 
• Provide service reporting to leadership. 
Financial & Vendor Management 
• Manage DevSecOps platform budget and forecast. 
• Optimize licensing and tooling costs. 
• Own vendor relationships and renewals for security and pipeline tools. 
• Evaluate new technologies and retire redundant solutions. 
 
Required Qualifications 
• Bachelor’s degree in Computer Science, Cybersecurity, Information Systems, or related field (or equivalent experience). 
• Experince in DevOps, DevSecOps, Platform Engineering, or Application Security roles. 
• Strong hands-on experience with CI/CD pipelines and modern SDLC practices. 
• Demonstrated experience implementing security tooling such as: 
• SAST, DAST, SCA 
• Container and artifact scanning 
• Secrets management 
• Pipeline security controls 
• Experience with cloud platforms (AWS, Azure, or GCP). 
• Strong understanding of Agile, DevOps, and secure-by-design principles. 
• Experience with incident and service management practices. 

 

Preferred Qualifications 
• Experience with enterprise toolchains (e.g., Jira, GitHub, GitHub Actions, ServiceNow). 
• Familiarity with DORA metrics and developer productivity frameworks. 
• Experience in regulated environments. 
• Knowledge of policy-as-code tools (e.g., OPA, Sentinel). 
• Security or cloud certifications (e.g., CISSP, CCSP, AWS Security). 
• Experience leading platform or shared services teams. 
 

Key Competencies 
• Security-first mindset 
• Service ownership mentality 
• Platform thinking 
• Risk-based decision making 
• Automation and engineering mindset 
• Strong cross-functional leadership 
• Data-driven continuous improvement 
Formal Role Details:  
• Job Type:  undefined time period contract   
• Starting date: Position available since June 2026  
• Location: Wrocław, Silver Tower Office Center  
• Working Pattern: Hybrid - 2 to 3 days per week in the office, in line with the need  
• Reporting line: MW manager / Team Lead 
What we can offer you:  
• Health insurance  
• Sport card  
• Lunch subsidy  
• Car leasing  
• Languages lessons  
• Bonuses