DevSecOps Specialist

WHO WE ARE:

The Cyber Security team (within the Accenture Security team) assists clients in securing hybrid environment-based systems and applications at every stage of the software development lifecycle, ensuring that the principles of 'Security by design' and 'Security by default' are followed, thereby integrating security into the DevOps and SDLC process.

THE WORK:

• Collaborate with design and development teams to implement security principles from the start of the SDLC, fostering innovation and growth.
• Support migration and transformation projects, integrating security in new technology layers and public cloud environments.
• Develop and manage the CI/CD process, automating security steps to enhance efficiency and scalability.
• Automate security tasks within DevOps processes using tools like Ansible, Azure DevOps, Jenkins, and GitLab, driving continuous improvement.
• Conduct security assessments of hybrid solutions, supporting teams with public cloud security (Azure, GCP, AWS).
• Secure public cloud environments and microservices-based environments (AKS, GKE, EKS, Red Hat Openshift).
• Analyze security of API, application, or IaC code, enhancing DevOps environments with robust security elements.
• Design, develop, and evolve CI/CD environments by integrating security tools (SonarQube, DefectDojo, Fortify, Checkmarx, Veracode, Checkov, Semgrep, Nessus, Aqua Security), ensuring continuous growth and innovation.

WHAT’S IN IT FOR YOU?

• Work on projects for international clients, expanding your security skill set.
• Gain insights and feedback from a diverse team of over 120 cybersecurity experts in Poland and thousands across the world.
• Thrive in an exciting workplace that values and celebrates diverse perspectives.
• Contribute to a creative environment where your ideas are welcomed.
• Engage in creative projects that foster your development as cybersecurity specialist.
• Access continuous learning through workshops and skill-building initiatives.

• Permanent employment contract.
• Individual support of a People Lead and a specific path of professional development, as well as the possibility of a session with a Coach.
• A wide training package (soft, technical, and language training offer, access to the e-learning platforms, Gallup test, GenAI training, possibility of co-financing courses, and certification).
• Employee Assistance Program - legal, financial, and psychological consultations.
• Accenture employees eligible for the Employee share purchase plan automatically become eligible for quarterly dividends if they own company shares.
• Paid employee referral program.
• Private medical care, life insurance.
• Access to the MyBenefit platform (possibility of using a wide range of products and services, including the Multisport card).

WHAT WE BELIEVE:

Accenture does not discriminate employment candidates on the basis of race, religion, color, sex, age, disability, national origin, political beliefs, trade union membership, ethnicity, denomination, sexual orientation or any other basis impermissible under Polish law.

HERE’S WHAT YOU’LL NEED:

• Knowledge of cyber security area or a desire to deepen your knowledge in this field, backed up by at least a few years' experience working in IT or in a DevOps role.
• Experience with one of the three leading clouds - Azure, GCP or AWS.
• Practical knowledge of CI/CD processes and familiarity with CI/CD tools like Azure DevOps, Jenkins, GitHub etc.
• Issues related to web application security (OWASP TOP 10 etc.) and secure coding best practices and knowledge of popular attack methods (XSS, CSRF, SQL injection, etc.) and frameworks such as MITRE.
• Practical experience of working with models: on-prem, IaaS, PaaS, SaaS.
• Experience with containerisation (Docker) and containerisation-based infrastructure platforms: Kubernetes, OpenShift, Anthos, etc.
• SAST, DAST, SCA issues and their practical implementation within CI/CD processes and issues related to authorization, authentication or session management (SAML, OAuth, SSO, etc.).
• Knowledge of the SSDLC process and its components and Rest API technology and the API Gateway concept.