DevSecOps Engineer

• Salary based on B2B contract (via Devire) 170-200 pln/h net+vat
• Long-term employment
• Private HealthCare
• Sports card 
• Life insurance
• Working for a leading corporation with a stable market position
• Working in the international environment

• 5-10 years of hands-on experience with GitLab Ultimate and CI/CD security features

• Proven integration of SAST/DAST/SCA with risk-based release gating

• Experience with SCA tools (BlackDuck, Nexus, Snyk) and SonarQube

• Strong Python, Bash, YAML automation skills

• Solid Docker/Kubernetes and cloud security fundamentals

• Experience in threat modeling and vulnerability remediation

Primary Tools: GitLab Ultimate, Docker/Kubernetes, Terraform/Ansible, SonarQube, BlackDuck or Nexus Lifecycle (SCA), Snyk or Trivy, OWASP ZAP

Nice to Have

• Security or DevSecOps certifications

• IaC security experience (Terraform + OPA/Checkov)

• Supply chain security (SBOM, Cosign, SLSA)

• Knowledge of DORA metrics / security KPIs

Responsibilities

• Act as a GitLab and application security SME, advising on CI/CD security, SonarQube, and vulnerability management

• Lead and coordinate vulnerability assessment and remediation, guiding teams on SAST, DAST, and SBOM practices

• Bridge development and security teams, translating security requirements into practical, developer-aligned guidance

• Provide opinionated, standards-based recommendations aligned with industry best practices and secure SDLC norms

• Take initiative to drive delivery, challenge thinking constructively, and support teams in meeting tight timelines

• Communicate clearly with stakeholders, balancing assertiveness with collaboration