Senior DevSecOps Engineer

TL;DR

Senior DevSecOps Engineer: Leading security-by-design practices across GitLab CI/CD with an accent on automation, vulnerability management, and secure SDLC standards. Focus on transitioning legacy security tools to GitLab-native capabilities and collaborating with InfoSec, Cloud Platform, and Product teams.

Location: Ukraine

Company

hirify.global believes that human creativity empowers technology that matters, providing a full spectrum of services, including business and tech advisory, enterprise solutions, CX, UX and UI design, managed services, product development, and software development.

What you will do

• Drive secure-by-design guardrails across GitLab CI/CD.
• Implement and maintain automated security scanning: SAST, DAST, SCA, container, and secret detection.
• Enforce policy-as-code (branch protection, MR approvals, vulnerability gates, artifact signing).
• Manage vulnerability lifecycle: periodic assessments, triage, remediation planning, and tracking to closure.
• Implement secure IaC using Terraform/Ansible and apply least-privilege and zero-trust patterns.
• Champion shift-left security via training, playbooks, and standardized toolchains.

Requirements

• Proven experience with GitLab Ultimate security features and CI/CD administration.
• Hands-on with SAST, DAST, SCA, container scanning, and secret detection in automated pipelines.
• Practical experience with SCA tools like BlackDuck, Nexus Lifecycle, Snyk.
• Familiar with SonarQube for code quality.
• Strong scripting/automation skills in Python, Bash, YAML.
• Solid fundamentals in container and cloud security (Docker, Kubernetes, image scanning, registry hardening).
• Experience with threat modeling, risk assessment, and remediation planning.

Nice to have

• Relevant certifications: DevSecOps Professional, CKS, Security+, or equivalent.
• IaC security tooling experience (Terraform + OPA, Conftest, Checkov).
• Knowledge of software supply chain security, including SBOM, Cosign, and SLSA.
• Familiarity with DORA metrics and security KPI reporting.

Culture & Benefits

• Everyone matters.
• Equal opportunities in recruitment, career development, and leadership.
• Committed to fostering a work environment where our diverse community of employees, candidates, and business partners actively shapes our growth.

Hiring process

• Send your application.
• Talent Acquisition Interview.
• Technical Interview.
• Customer Interview (for some roles).