Senior DevSecOps Engineer

Requirements

• 5+ years of hands-on experience in DevSecOps, Application Security, or Security Engineering roles in production environments.
• Strong practical experience integrating security tools into CI/CD pipelines (GitLab CI, GitHub Actions, or similar).
• Expertise with security scanning tools such as SAST, SCA, secret scanning, container/image scanning (e.g., Semgrep, SonarQube, Trivy, Snyk, Grype, Gitleaks or equivalents).
• Strong understanding of CI/CD security concepts including least privilege access, protected branches/environments, secrets management, CODEOWNERS, and secure runner configurations.
• Proven experience building vulnerability management processes including triage, prioritization, SLA definition, remediation tracking, and risk acceptance workflows.
• Deep knowledge of software supply chain security including SBOMs, dependency pinning, artifact signing, provenance, and dependency risk management.
• Strong cloud security experience, ideally in AWS, including IAM, Security Groups, KMS, CloudTrail, GuardDuty, Security Hub, and network architecture.
• Hands-on experience with Kubernetes security including RBAC, network policies, admission controllers, audit logging, and runtime security concepts.
• Experience with Infrastructure as Code security (Terraform preferred) using tools like tfsec, Checkov, or policy-as-code frameworks.
• Strong automation skills in Python, Bash, or Go for building security tools, pipeline integrations, or reporting systems.
• Solid understanding of OWASP Top 10, web application vulnerabilities, and secure development practices.
• Ability to work independently, prioritize effectively, and collaborate closely with engineering, platform, and business stakeholders in a fast-paced environment.
• Experience in regulated industries such as fintech or gaming is a plus.

Benefits

• Fully remote work with flexibility to work from anywhere within compatible regions.
• Competitive compensation package aligned with experience and market standards.
• 20 paid vacation days plus public holidays and sick leave.
• Private health insurance and psychological support coverage.
• Flexible benefits budget for personal use, hobbies, sports, and lifestyle needs.
• Learning and development budget, including courses, training, workshops, and language programs.
• Corporate events, team-building activities, and professional development workshops.
• Flexible working culture focused on autonomy, trust, and work-life balance.
• Access to modern engineering practices, automation-first workflows, and cutting-edge security tooling.
• Opportunity to work on high-scale, high-impact systems in a fast-growing product environment.