We are looking for a highly skilled DevSecOps Engineer to join our team, with strong expertise in OpenShift, GitLab, Xray, Keycloak, and related technologies. As a key member of our DevSecOps team, you will be responsible for ensuring the integration of security throughout the software development lifecycle (SDLC), automating deployments, managing continuous integration/continuous deployment (CI/CD) pipelines, and fostering a culture of security and performance.
You will participate in cross-functional digital projects, working closely with development teams to integrate security into the development process, ensuring that our applications are not only secure but also resilient and high-performing.
Key responsibilities
CI/CD Pipeline Development: Develop, maintain, and optimize CI/CD pipelines using tools such as GitLab, ensuring automated deployment and integration while maintaining security standards.
Security Compliance: Ensure that all deployments meet security compliance requirements, including DLP, vulnerability management, and performance resilience.
Automation & Deployment: Lead efforts in automated deployments across the development cycle, ensuring seamless integration with OpenShift and other platforms.
Security-First Development: Actively contribute to the definition of security scenarios and blockers during deployment, ensuring that security best practices are followed to secure development processes.
Development of Monitoring & Observability Tools: Implement and manage OpenTelemetry, log collection, and event-based monitoring to ensure the health and security of the applications.
Collaboration with Development Teams: Act as a key point of contact for DevSecOps processes, working closely with development teams to educate, train, and provide guidance on secure software development practices throughout the SDLC.
Process Improvement & Governance: Define and document the DevSecOps processes, roles, responsibilities, and security guidelines. Ensure the team adheres to these processes and contributes to improving them.
Knowledge Transfer & Training: Help foster a culture of continuous learning within the DevSecOps team by sharing knowledge, mentoring junior team members, and promoting a security-first mindset.
Licensing & Compliance: Oversee the monitoring of licenses for OpenShift and applications, collaborating with service providers and vendors to ensure compliance with licensing agreements.
Essential skills & experience
Technical expertise:
Strong knowledge of OpenShift, GitLab, GitLab Factory, Xray, and Keycloak.
Expertise in CI/CD, automated deployment, and security compliance (DLP, resilience, performance).
Experience with Java development or other relevant programming languages.
Strong experience in pipeline development, security automation, and code quality assurance.
OpenTelemetry implementation for monitoring and log collection.
Security & compliance:
Deep understanding of security compliance, vulnerability management, and secure development practices.
Ability to define security scenarios and identify blockers in deployment pipelines.
Collaboration & communication:
Ability to collaborate with cross-functional teams, including development, operations, and security teams.
Excellent communication skills, capable of proactively sharing knowledge, guiding teams, and promoting a "security-first" culture.
Strong emphasis on teamwork and adopting a collaborative philosophy: "Your built team, you are one unit."
Governance & documentation:
Ability to define and create comprehensive documentation for DevSecOps processes and policies.
Work closely with development teams to contextualize and implement best practices across the SDLC.
Knowledge of licensing processes, specifically around OpenShift and application licenses.
Personal traits:
Autonomous: The ability to work independently while contributing to team objectives.
Team-Oriented: A strong team player, willing to share knowledge and support others.
Proactive Communicator: Comfortable with proactive communication and taking ownership of processes and tasks.
Respectful: Adherence to company behaviors and processes, promoting a healthy work environment.
Experience level: Medior/Senior experience in DevSecOps, with hands-on expertise in CI/CD pipelines, security compliance, vulnerability management, and monitoring.