Senior DevSecOps Engineer – CI/CD and Cloud Security
ITDS
This is a senior DevSecOps role focused on CI/CD pipeline automation and supply-chain security. You will own and evolve Jenkins Shared Libraries in Groovy, develop Python tooling for SLSA provenance and SBOM generation, and optimize build/test/scan pipelines for multi-language builds (Java, Node, Python, Helm, Terraform). The role is heavy on automation, security integration, and mentoring — not traditional product development.
Missing: team size and composition, recruitment process and timeline.
- ✓ Clear salary range on B2B (25,200–29,400 PLN net+VAT)
- ✓ Opportunity to own and evolve Jenkins Shared Library and modernize CI/CD
- ✓ Focus on advanced supply-chain security (SLSA, SBOM)
- ✓ Mentoring and performance tuning are valued
- ! Outsourcing arrangement (working for a client, may affect culture and stability)
- ! Buzzword-heavy description (e.g., 'unleash cybersecurity innovation')
- Design and maintain Groovy pipeline steps for build, test, package, scan, and deploy processes
- Extend Python tooling for SLSA provenance, SBOM generation, hash/digest accuracy, and security scan aggregation
- Optimize pipeline performance through parallelization, caching, and dependency management
- Ensure artifact integrity with correct SHA1/SHA256 mapping and reproducible inputs
- Refactor legacy scripts to improve code quality and standardization
- Document ci-config.yaml standards and best practices for teams
- Mentor engineers on secure pipeline development and supply-chain security practices
- Troubleshoot and proactively prevent pipeline incidents to ensure seamless integration
Offer for experienced specialists (Senior).
A mid-to-senior engineer with at least 5 years in engineering and 3 years in CI/CD/DevSecOps, solid Jenkins and Groovy skills, and basic Python scripting. Familiar with security scanning tools and concepts like SBOM.
Pure software developers who prefer building product features, or junior engineers without substantial CI/CD and security experience. Not suitable for those seeking fully remote work (hybrid required in Krakow).
- ? How many days per week are required in the Krakow office?
- ? What is the team size and structure?
- ? Which client will I be working for, and what is the project duration?
- ? Is there an on-call rotation or after-hours incident response?
- ? What is the current state of the Jenkins Shared Library and how much legacy code exists?
- ? What are the main challenges the team faces today?
- ? What is the recruitment process (stages, timeline)?
- − Team size and composition
- − Recruitment process and timeline
- − Specific client name and project duration
- − On-call expectations
- − Budget for training or conferences
The description mentions 'fostering continuous innovation and growth', suggesting a culture that values automation and security, likely with autonomy and mentorship.
At market level
Data from active job offers that include DevSecOps technology.