DevSecOps Engineer
📍 Kraków⭐ Nieznany📄 other
Widełki nieujawnione
🗂 Szczegóły oferty
LokalizacjaKraków
Tryb pracy—
Etat—
DoświadczenieNieznany
Min. lat doświadczenia7+
Typ kontraktuOther
Kategoriait
📝 Opis główny / Wstęp
At Mindbox we connect top IT talents with technology projects for leading enterprises across Europe.
We are looking for a DevSecOps Engineer to design, build, and operate a Jenkins-based, developer-focused pipeline platform that enables thousands of builds per day across Java, Node.js, Python, and cloud-native workloads. Our mission is to make secure delivery the default and great developer experience the norm.
You will own and evolve our Jenkins Shared Library, powering multi-language builds (Java/Maven, Node/NPM, Python, Helm, Terraform, containers). Your work will deliver fast, secure, provenance-rich pipelines (SLSA, SBOM, digests) and strengthen supply chain integrity across teams.
Sounds like your kind of challenge?
What You'll Be Doing
What You Get In Return
We are looking for a DevSecOps Engineer to design, build, and operate a Jenkins-based, developer-focused pipeline platform that enables thousands of builds per day across Java, Node.js, Python, and cloud-native workloads. Our mission is to make secure delivery the default and great developer experience the norm.
You will own and evolve our Jenkins Shared Library, powering multi-language builds (Java/Maven, Node/NPM, Python, Helm, Terraform, containers). Your work will deliver fast, secure, provenance-rich pipelines (SLSA, SBOM, digests) and strengthen supply chain integrity across teams.
Sounds like your kind of challenge?
What You'll Be Doing
- Design and maintain Groovy pipeline steps (build, test, package, scan, deploy)
- Extend Python tooling for SLSA provenance, SBOM generation, hash/digest accuracy, and security scan aggregation
- Optimize performance (parallel builds, caching, scope-reduced BOMs, dependency prefetch)
- Ensure artifact integrity (correct SHA1/SHA256 mapping, reproducible inputs, evidence modeling)
- Refactor legacy scripts (remove global state, consolidate hashing, standardize templates)
- Document ci-config.yaml standards and usage patterns
- Mentor engineers on secure pipeline development and supply-chain practices
- Troubleshoot and prevent pipeline incidents
What You Get In Return
- Flexible cooperation model – choose the form that suits you best (B2B, employment contract, etc.)
- Hybrid work setup – remote days available depending on the client’s arrangements – 6 times a month from the office in Kraków
- Collaborative team culture – work alongside experienced professionals eager to share knowledge
- Continuous development – access to training platforms and growth opportunities
- Comprehensive benefits – including Interpolska Health Care, Multisport card, Warta Insurance, and more
- High quality equipment – laptop and essential software provided
- 7+ years of engineering experience; 3+ years in CI/CD platform or DevSecOps
- Strong Jenkins + Groovy shared library expertise
- Advanced Python automation (JSON/YAML processing, tooling scripts)
- Deep knowledge of Maven/NPM/Python packaging; exposure to Helm/Terraform and container image metadata
- Supply-chain security (SLSA, CycloneDX SBOM, digests)
- Experience with SonarQube, Sonatype IQ, container and SAST scanning
- Proven performance tuning (caching, parallelization, dependency pruning)
- Compliance awareness
📡 Metadata statystyk
Źródłolinkedin
Slug / IDkrakow-devsecops-engineer-mindbox-8b2469
Opublikowano31 marca 2026
Wygasa—
Pobranie (Ingest)31 marca 2026
🔗Podobne oferty