DevSecOps

44.62 - 58.56 USD net per hour - B2B
DevOps
Al. Jerozolimskie 134, Warszawa

Craftware

Full-time
B2B
Senior
Remote

Job description

We provide digital transformation and technology consulting services, with a portfolio of solutions both for clients who do not yet have Salesforce and for large organizations that already work on Salesforce and use its extensive capabilities ☁.

We also provide body and team leasing services in IT, providing specialists in various fields.


Model: remote

Employment type: full-time


Responsibilities:

Pipeline Security & Automation:

  • Implement and maintain automated SAST, DAST, SCA, container scanning, and secret detection in GitLab CI/CD

  • Enforce policy-as-code: branch protection, MR approvals, vulnerability gates, artifact signing

Vulnerability Management:

  • Run periodic assessments and secure code reviews; triage findings; publish remediation plans; track SLAs to closure

  • Coordinate with product management and engineering to prioritize fixes

Compliance & Governance:

  • Align controls and evidence with CIS, NIST, and (where applicable) GDPR

  • Enable audit-ready reporting and SBOM generation; integrate security KPIs into observability dashboards

Infrastructure & Cloud Security:

  • Implement secure IaC (Terraform/Ansible/CloudFormation); apply least-privilege and zero-trust patterns

  • Harden build runners, container images, registries, and deployment targets

Enablement & Culture:

  • Champion “shift-left” security via playbooks, training, and standard toolchains

  • Document security runbooks; contribute to SDLC harmonization standards


Requirements:

  • Hands-on expertise with GitLab Ultimate security features and CI/CD administration

  • Proven experience embedding SAST/DAST/SCA into pipelines and gating releases on risk thresholds

  • Direct exposure to SCA tools (e.g., BlackDuck, Nexus Lifecycle/OSS Index, Snyk) and code quality (SonarQube)

  • Strong scripting/automation (Python, Bash, YAML)

  • Container & cloud security fundamentals (Docker/Kubernetes, registry hardening, image scanning, runtime policies)

  • Threat modeling, risk assessment, and remediation planning


Nice to have:

  • Certifications: DevSecOps Professional, CKS, Security+, or similar

  • IaC security experience (Terraform + OPA/Conftest/Checkov)

  • Supply-chain security: SBOM practices and artifact signing (Cosign), familiarity with SLSA

  • Familiarity with DORA metrics and security KPI reporting


We offer:

  • B2B contract,

  • Assistance in defining your development path and support along it,

  • Benefits package,

  • Daily support from team leaders,

  • Dedicated certification budget,

  • Integration trips/events.


Tech stack

    English: C1

    DevOps: advanced

    GitLab Ultimate: advanced

    Docker: advanced

    Kubernetes: advanced

    Ansible: advanced

    Terraform: advanced

    SonarQube: advanced

    CI/CD: advanced

    Cloud security: advanced

Published: 06.02.2026
