Senior DevSecOps/DevOps Engineer

The Senior DevSecOps/DevOps Engineer is responsible for integrating security best practices into our DevOps platforms and product environments. This role operates independently from delivery ownership to ensure objective risk identification, reporting, and mitigation. You will collaborate closely with DevOps, engineering, and product teams to promote secure development practices while maintaining transparency and governance over security risks.

1. Vulnerability Management - DevOps Platforms Track and follow vulnerabilities related to: CI/CD tools (e.g. Jenkins, GitLab, wiki, agents) Container platforms and base images OS packages, middleware, and supporting services Coordinate patching and remediation with DevOps engineers Maintain a central vulnerability follow-up list (with severity and status) 2. Security & Network Review Review and document: Cloud and on-prem network architecture Firewall rules, NAT rules, VPNs, access paths CI/CD system access and segregation of duties Identify security gaps and improvement opportunities Propose remediation actions and track closure 3. Security Standards & Best Practices Promote and enforce secure coding standards Assist development teams in implementing security controls Integrate security testing into CI/CD pipelines (SAST, DAST, dependency scanning) Contribute to security documentation and internal guidelines 4. Reporting & Governance Maintain clear reporting of security risks and remediation status Provide visibility into security posture across platforms and products Escalate critical risks appropriately Ensure security assessments remain independent from delivery timelines

Required

Qualifications:Technical Skills Understanding of DevOps practices and CI/CD workflows Knowledge of application and infrastructure security principles Familiarity with vulnerability management tools Basic understanding of cloud platforms (AWS, Azure, GCP, SAP BTP ) Awareness of container technologies (Docker, Kubernetes) Understanding of secure coding practices Soft Skills Good English communication required Strong analytical and problem-solving skills Clear and effective communication abilities Ability to collaborate cross-functionally High level of integrity and objectivity Eagerness to learn and grow in the DevSecOps domain Preferred

Qualifications:Experience integrating security tools into CI/CD pipelines Familiarity with security frameworks (ISO 27001, OWASP, NIST) Relevant certifications (e.g., Security+, CEH, DevSecOps-related credentials)

15 days of annual leaves Competitive salary (+13-month salary include) Health insurance, social insurance according to the government regulations PVI Healthcare Insurance Have a chance to work in an international, friendly, open environment Annual Travel opportunity