Unleash the Future of Cybersecurity — Drive Innovation at the Frontiers of Digital Trust!
Krakow-based opportunity with hybrid work model.
As a Senior DevSecOps Security Consultant, you will be working for our client, a global leader in financial services, committed to building secure, scalable digital solutions. Your expertise will elevate cybersecurity maturity across engineering platforms, ensuring safe, resilient, and efficient delivery of digital services worldwide. This role offers a unique chance to influence cybersecurity practices at a top-tier banking institution, empowering secure innovation.
Your main responsibilities:
- Develop and maintain an Engineering-Platform Cybersecurity Maturity Framework to standardize assessments.
- Conduct comprehensive security reviews of build systems, CI/CD pipelines, runtime infrastructure, and developer tooling, identifying vulnerabilities and systemic risks.
- Perform threat modeling and gap analysis to recommend remediation strategies.
- Establish secure architecture patterns and enforce platform security baselines via policy-as-code and automated controls.
- Collaborate with platform owners to remediate critical gaps and implement scalable security solutions.
- Integrate vulnerability management and secure development practices such as SBOM, provenance, and code-signing into engineering workflows.
- Prioritize identified security gaps based on risk, regulatory impact, and operational importance, and help build strategic security roadmaps.
- Engage with senior stakeholders to translate technical risks into business impact, guiding governance and strategic decisions.
- Promote a security culture within engineering teams through continuous improvement and knowledge sharing.
You're ideal for this role if you have:
- At least 6 years of proven experience in Cybersecurity within large-scale or complex, regulated environments.
- Deep technical expertise with CI/CD systems, build tools, artifact repositories, runtime environments, and developer tooling.
- Strong experience with DevSecOps, including secure pipeline design, security scanning tools, and automation.
- Knowledge of service mesh, cryptography, network and application security, vulnerability management, and risk assessment.
- Hands-on experience conducting threat modeling and platform security assessments.
- Experience developing and implementing maturity models or security frameworks in enterprise settings.
- Excellent stakeholder management skills and the ability to influence senior leadership for cybersecurity adoption.
- Fluency in Polish, with strong communication skills to articulate technical risks effectively.
It is a strong plus if you have:
- Professional certifications such as CISSP, CISM, CCSK, CCSP, or equivalent.
- Hands-on knowledge of cloud security platforms (AWS, Azure, GCP) and container orchestration tools like Kubernetes.
- Experience in international, diverse environments with exposure to regulatory engagement.
- Familiarity with engineering excellence practices such as supply chain security, SLSA, SBOM, or secure developer tooling initiatives.
Eligibility for the role:
Only candidates with an existing legal right to work in the European Union will be considered for this role.
Interested? Apply now and include your CV (preferably in English) along with a statement confirming your consent to the processing and storage of your personal data.