AI Summary
Design and implement secure CI/CD pipelines, automate security workflows, and promote a security-first culture. Develop expertise in DevSecOps practices, infrastructure as code, and container security. Collaborate with engineering teams to deliver reliable and compliant software at scale.
Job Description
Embed security into every stage of development by building secure CI/CD pipelines, automating security workflows, and enabling engineering teams to deliver reliable, compliant software at scale.
Responsibilities
- Build and maintain secure CI/CD pipelines with integrated SAST, DAST, and IAST tools.
- Develop automation for security workflows, vulnerability management, and compliance checks to ensure real-time feedback.
- Scan Infrastructure as Code (e.g., Terraform, CloudFormation) for misconfigurations and vulnerabilities before deployment.
- Evaluate, implement, and maintain tools for vulnerability scanning, monitoring, and compliance.
- Promote a security-first culture by mentoring developers and operations teams on secure coding and DevSecOps practices.
Requirements
- 5+ years of experience in DevOps, Security Engineering, or similar roles, including 2+ years in DevSecOps.
- Hands-on experience with CI/CD tools such as Jenkins, GitLab CI, or similar.
- Strong scripting skills in Python, Bash, or Go.
- Knowledge of AWS, Azure, or GCP and their security services (e.g., AWS Security Hub, Azure Security Center, GCP Security Command Center).
- Experience with Infrastructure as Code tools like Terraform, Ansible, or CloudFormation.
- Solid understanding of container technologies such as Docker and Kubernetes, including container image and runtime security.
- Familiarity with security tools such as SonarQube, Checkmarx, OWASP ZAP, Burp Suite, Trivy, or Nessus.
- Strong problem-solving and communication skills; ability to collaborate across teams.
Benefits & Perks
- Stable salary, official employment.
- Health insurance.
- Hybrid work mode and flexible schedule.
- Relocation package offered for candidates from other regions.
- Access to professional counseling services including psychological, financial, and legal support.
- Discount club membership.
- Diverse internal training programs.
- Partially or fully paid additional training courses.
- All necessary work equipment.