NoFluffJobs Hybrid Senior New

DevSecOps Security Consultant

Mindbox Sp. z o.o.

⚲ Kraków

31 500 - 37 800 PLN (B2B)

Requirements

  • Cybersecurity
  • CI/CD
  • DevSecOps
  • Cryptography
  • Network Security
  • Stakeholder management
  • CISSP (nice to have)
  • CISM (nice to have)
  • CCSP (nice to have)
  • CCSK (nice to have)
  • Cloud security (nice to have)
  • Kubernetes (nice to have)
  • SLSA (nice to have)
  • SBOM (nice to have)

Job description

About the project:

At Mindbox we connect top IT talents with technology projects for leading enterprises across Europe.

Join our client’s team as a DevSecOps Security Consultant! Are you passionate about cybersecurity, engineering excellence, and DevSecOps practices? We are looking for an experienced DevSecOps Security Consultant to shape the security posture of engineering platforms at one of the world’s leading financial institutions. This is your opportunity to define scalable security frameworks, uplift maturity across CI/CD platforms, and enable secure digital delivery at enterprise scale. Sounds like your kind of challenge?

Hybrid – 6 days a month from the office in Kraków

What you get in return

  • Flexible cooperation model – choose the form that suits you best (B2B, employment contract, etc.)
  • Hybrid work setup – 6 days a month from the office in Kraków
  • Collaborative team culture – work alongside experienced professionals eager to share knowledge
  • Continuous development – access to training platforms and growth opportunities
  • Comprehensive benefits – including Interpolska Health Care, Multisport card, Warta Insurance, and more
  • High quality equipment – laptop and essential software provided

Requirements:

Core Expertise:

  • Proven experience in Cybersecurity within large, regulated organizations.
  • Deep understanding of CI/CD systems, build tools, artifact repositories, runtime environments, and developer tools.
  • Advanced knowledge of DevSecOps practices, including pipeline security and automation of security controls.
  • Experience in threat modeling, platform-level security assessments, and security gap remediation.
  • Familiarity with cryptography, vulnerability management, and application/network security.

Leadership & Influence:

  • Strong skills in stakeholder management and driving alignment across distributed technology teams.
  • Ability to articulate technical risk in business language.

Preferred:

  • Certifications such as CISSP, CISM, CCSP, CCSK.
  • Knowledge of Cloud Security (AWS, GCP, Azure) and container orchestration (Kubernetes).
  • Experience with supply chain security frameworks (SLSA, SBOM) and secure developer tooling.

Joining this project you’ll become part of Mindbox – a tech-driven company where consulting, engineering, and talent meet to build meaningful digital solutions. We’ll back you up every step of the way, accelerate your development, and ensure your skills make a difference.

Daily tasks:

  • Develop an Engineering-Platform Cybersecurity Maturity Framework for standardized assessments.
  • Conduct security assessments of CI/CD pipelines, runtime environments, build infrastructures, and developer tools against the framework.
  • Perform threat modeling, gap analysis, and identify systemic vulnerabilities impacting code integrity and workload security.
  • Define and enforce secure architecture patterns, policy-as-code, and automated security controls.
  • Partner with platform owners to remediate critical gaps and implement scalable solutions for secure artifact integrity, access management, and configuration hardening.
  • Integrate vulnerability management, SBOM generation, provenance, and code-signing into DevOps workflows.
  • Build security roadmaps balancing quick wins and long-term improvements.
  • Prioritize initiatives based on business risk and compliance requirements.
  • Serve as a trusted cybersecurity advisor to platform owners, engineering teams, and senior leadership.
  • Influence adoption of secure engineering practices across federated teams.
  • Track maturity metrics and drive measurable security improvements.
  • Evolve frameworks based on emerging threats, technology shifts, and regulatory changes.