DevSecOps Enchanter
Wrocław, Warszawa
Your daily tasks:
- designing and implementing secure software development life cycle solutions based on various tools,
- providing advice to different groups (Technology, Developers, IT, internal stakeholders of any kind),
- participating in the execution of the training program for different teams,
- defining secure software development life cycle for large projects and teams,
- defining applications security architecture elements,
- defining documentation of security requirements for our applications and games,
- assisting with KPIs and KRIs related to security in applications,
- working with management on defining roadmaps and needs, and providing short- and mid-term forecasting,
- collaborating with internal stakeholders to define the best approach to maximize the security posture,
- documenting and standardizing testing methodologies and tool sets,
- constantly identifying areas for improvement and driving all changes that are required.
You meet our expectations if you have:
- experience in Application Development/DevOps (at least 4 years),
- experience in Application Security Testing (at least 2 years),
- BSc in Computer Science, Math or Physics,
- working knowledge of SAST, DAST, IAST and RASP methodologies,
- experience in management and definition of security in the software development lifecycle (SDLC),
- working knowledge of waterfall, agile and primarily DevOps development methodologies,
- experience in software development and SDLC,
- familiarity with one or more languages (Java, JavaScript, C++, C#, Python, Perl),
- experience with automation in testing or orchestration (Selenium, Maven, Ant, MSBuild, npm, Yarn, Jenkins, etc.),
- knowledge of conducting security checks (static and dynamic code analysis, vulnerability analysis in applications and penetration tests, security component analysis),
- understanding of virtualization and container technologies (Docker, Kubernetes, OpenShift, etc.),
- working knowledge of vulnerability scanners (Nessus, Qualys, Acunetix, etc.),
- well versed in the TCP/IP stack and network protocols,
- certification like OSCP, CRT, CISSP or even CEH would be a plus,
- outstanding ability for logical and creative thinking,
- excellent organization and time management skills,
- excellent interpersonal and communication skills,
- very good command of English.
Nice to have:
- ability to work alone and bring results,
- abnormal sense of humour.