DevSecOps

We are looking for a highly skilled DevSecOps Engineer to join our team, with strong expertise in OpenShift, GitLab, XRay, Keycloak, and related technologies.

As a key member of our DevSecOps team, you will be responsible for ensuring the integration of security throughout the software development lifecycle (SDLC), automating deployments, managing continuous integration/continuous deployment (CI/CD) pipelines, and fostering a culture of security and performance.

You will participate in cross-functional digital projects, working closely with development teams to integrate security into the development process, ensuring that our applications are not only secure but also resilient and high-performing.

Key Responsibilities

• CI/CD Pipeline Development: Develop, maintain, and optimize CI/CD pipelines using tools such as GitLab, ensuring automated deployment and integration while maintaining security standards.
• Security Compliance: Ensure that all deployments meet security compliance requirements, including DLP, vulnerability management, and performance resilience.
• Automation & Deployment: Lead efforts in automated deployments across the development cycle, ensuring seamless integration with OpenShift and other platforms.
• Security-First Development: Actively contribute to the definition of security scenarios and blockers during deployment, ensuring that security best practices are followed to secure development processes.
• Development of Monitoring & Observability Tools: Implement and manage OpenTelemetry, log collection, and event-based monitoring to ensure the health and security of the applications.
• Collaboration with Development Teams: Act as a key point of contact for DevSecOps processes, working closely with development teams to educate, train, and provide guidance on secure software development practices throughout the SDLC.
• Process Improvement & Governance: Define and document the DevSecOps processes, roles, responsibilities, and security guidelines. Ensure the team adheres to these processes and contributes to improving them.
• Knowledge Transfer & Training: Help foster a culture of continuous learning within the DevSecOps team by sharing knowledge, mentoring junior team members, and promoting a security-first mindset.
• Licensing & Compliance: Oversee the monitoring of licenses for OpenShift and applications, collaborating with service providers and vendors to ensure compliance with licensing agreements.

Essential Skills & Experience

Technical Expertise:

• Strong knowledge of OpenShift, GitLab, GitLab Factory, XRay, and Keycloak.
• Expertise in CI/CD, automated deployment, and security compliance (DLP, resilience, performance).
• Experience with Java development or other relevant programming languages.
• Strong experience in pipeline development, security automation, and code quality assurance.
• OpenTelemetry implementation for monitoring and log collection.

Security & Compliance:

• Deep understanding of security compliance, vulnerability management, and secure development practices.
• Ability to define security scenarios and identify blockers in deployment pipelines.
• Collaboration & Communication:
• Ability to collaborate with cross-functional teams, including development, operations, and security teams.
• Excellent communication skills, capable of proactively sharing knowledge, guiding teams, and promoting a “security-first” culture.
• Strong emphasis on teamwork and adopting a collaborative philosophy: "Your built team, you are one unit."

Governance & Documentation:

• Ability to define and create comprehensive documentation for DevSecOps processes and policies.
• Work closely with development teams to contextualize and implement best practices across the SDLC.
• Knowledge of licensing processes, specifically around OpenShift and application licenses.

Personal Traits

• Autonomous: The ability to work independently while contributing to team objectives.
• Team-Oriented: A strong team player, willing to share knowledge and support others.
• Proactive Communicator: Comfortable with proactive communication and taking ownership of processes and tasks.
• Respectful: Adherence to company behaviors and processes, promoting a healthy work environment.

Experience Level

• Medior/Senior experience in DevSecOps, with hands-on expertise in CI/CD pipelines, security compliance, vulnerability management, and monitoring.