DevSecOps Engineer | Krakow

DevOps

Krakow, Kraków

DCV Technologies

Full-time
B2B
Senior
Hybrid

Job description

Location: Krakow, hybrid 2 days/week

About the Role

We are looking for a hands-on DevSecOps Engineer to own our Jenkins Shared Library ecosystem and secure the end-to-end software supply chain. You will bridge the gap between development, security, and operations—ensuring that CI/CD pipelines are not only fast and reliable but also compliant, auditable, and resistant to modern supply-chain attacks.

You will work across multiple technology stacks (JVM, Node.js, Python, containers) and drive the adoption of SLSA, SBOM, and automated security controls.

Key Responsibilities

1. Jenkins Shared Libraries & Pipeline Engineering

  • Own, maintain, and evolve the Jenkins Shared Library (Groovy) used by 50+ teams.

  • Design reusable, modular pipeline steps for build, test, scan, sign, and deploy.

  • Enforce pipeline-as-code standards and versioning for library changes.

2. Secure CI/CD & Supply-Chain Integrity

  • Implement SLSA compliance levels and automate SBOM generation (CycloneDX/SPDX).

  • Integrate SAST, DAST, and dependency scanning into pipelines (e.g., Snyk, Trivy, OWASP DC).

  • Manage artifact signing, provenance, and attestation (Sigstore/cosign, Notary).

  • Secure Maven/NPM packaging and dependency management against typosquatting and compromised registries.

3. Automation & Performance

  • Optimize build times through parallelization, caching, and incremental builds.

  • Automate compliance checks (license, vulnerability, CVE) as part of PR validation.

  • Develop Python automation scripts for pipeline orchestration and reporting.

4. Cloud & Container Security

  • Work with Kubernetes (EKS/AKS/OpenShift) and container registries.

  • Implement admission controllers, image scanning, and runtime security policies.

5. Incident Resolution & Mentorship

  • Debug pipeline failures (Jenkins, Groovy, Maven, NPM, Docker).

  • Provide root cause analysis and blameless post-mortems.

  • Mentor engineers on secure coding and pipeline best practices.

Required Qualifications

  • 7+ years overall software or systems engineering experience.

  • 3+ years dedicated experience in DevSecOps or CI/CD pipeline engineering.

  • Jenkins & Groovy: Deep expertise in writing Jenkins Shared Libraries, pipeline syntax, and configuring Jenkins controllers/agents.

  • Programming: Strong Python for automation; familiarity with Maven (Java) and NPM (Node.js) packaging.

  • Security: Hands-on experience with SLSA, SBOM generation, software signing, and dependency management.

  • Containers: Docker, Kubernetes, and container security scanning.

  • SCM: Git (GitFlow, trunk-based), GitHub/GitLab/Bitbucket.

Preferred Qualifications (Nice to Have)

  • Experience with audits (ISO 27001, SOC2, FedRAMP, PCI-DSS) and regulated environments (finance, healthcare, govtech).

  • Strong ownership mindset – you act as the “last line of defense” for pipeline integrity.

  • Certifications: CKS, CISSP, DevSecOps Professional.

  • Experience with Sigstore, in-toto, Witness, or Tekton Chains.

  • Familiarity with ArgoCD, Vault, Kyverno, OPA.

Tech stack

  • English: B2

  • Groovy: advanced

  • Python: advanced

  • SLSA: advanced

  • SBOM: regular

  • Docker: regular

  • Kubernetes: regular
