- Act as SME in DevSecOps program
- Support static, dynamic and security awareness services
- Lead development, maintenance and improvement of detection controls, security reviews, remediation activities and business unit engagements
- Lead S-SDLC training and guidance on security related issues
- Drive adoption of embedded application security controls within Software Development Life Cycle (SDLC)
- Advise on identified vulnerabilities in our applications and cloud environments without jeopardizing product roadmap.
- Evangelize and coach engineers on secure design & development practices through threat modelling and help remediate findings.
- Cross pollination of secure development techniques and best practices across engineering tribes.
- Collaborate across technology and business units and ensure CS initiatives are successfully delivered.
- Be on-hand to assist colleagues as part of our incident response (Security Operations) process should this be required.
- Salary: 150-170 PLN/h net + VAT
- Contract type: B2B contract via Devire
- Contract duration: long-term contract
- Location: remote work (occasional visits in Warsaw office)
- Recruitment process: verification on Devire side + two stages on Client side
- Equipment: provided by the Client
- Degree in software development, or other relevant experience.
- 5+ years of experience as a software developer or DevOps professional.
- Good English written/verbal communication skill (C1)
- Ability to manage, prioritize, remediate vulnerabilities like those on the OWASP Top10 list.
- Excellent knowledge in at least one of the object-orientated programming languages like Java, .NET
- Experience with AWS & Azure cloud services, especially their security products.
- Experience with modern technologies like Docker, Kubernetes
- Experience with automated deployments and containerized application management.
- Excellent experience creating Operational Awareness through monitoring and alerting solutions.
- Highly proficient with IaC and Configuration Management tooling (Terraform, Ansible, Puppet, Chef)
- Strong understanding of CI/CD pipelines (at least 2 years).
- Strong scripting skills
- Excellence with version control systems and application lifecycle management (Git / GitHub).
- A keen interest in continuous professional learning across software engineering, cloud, and application security domains.
- Working in agile development teams in a fast-paced environment.
- Excellent inter-personal and communication skills with fluency in English (written & spoken).
- Experience with supervising and/or mentoring product & platform teams to onboard DevSecOps
- Cloud-native development and/or experience with other public & hybrid cloud services (AWS, Azure).
- Hands-on experience with Cloud & Software Security and DevSecOps tooling such as CNAPP, SAST, SCA, DAST
- Experience with maintaining large-scale and fault-tolerant distributed systems in production.
- Knowledge of IT security frameworks and standards is required (ISO2700x, CIS Benchmarks, NIST, Well Architecture Frameworks, OWASP SAMM, OWASP ASVS
- Have a good understanding of a wide range of technologies, programming languages and application frameworks to identify risks and vulnerabilities.
- Knowledge and hands-on experience with Application Security reviews, Program Assessments and Maturity Scoring, Vulnerability Assessments, Risk Assessments, SDLC process improvement
- Experience with one or more ecosystem: SAP, Salesforce, ServiceNow, PLM solution, CRM, Data Management/ BI
Devire
Warsaw
200Jesteśmy Devire – firmą rekrutacyjną, której celem jest łączenie świetnych ludzi ze świetnymi pracodawcami.
Niezależnie czy rozglądasz się za nową pracą na stałe czy projektem w formie współpracy B2B – możesz polegać na naszym wsparciu na każdym kroku.
Współpracujemy z pracodawcami z terenu całej Polski i realizujemy rekrutacje we wszystkich kluczowych obszarach technologicznych.