1 день назад
Senior DevSecOps Engineer
30$
Загружаем источник...Мэтч & Сопровод
Покажет вашу совместимость и напишет письмо
Описание вакансии
🔐 Vacancy: DevSecOps Engineer (Senior)
🌍 Location: EU (Remote)
💵 Rate: $30/hour
⏱️ Format: Full-time / Contract
About the Project
We are building a secure, scalable cloud platform that meets high compliance standards (SLSA Level 3–4).
We need an engineer who will embed security into the CI/CD pipeline, harden AWS infrastructure, and help us pass security audits and certifications.
This is not just "DevOps with a security twist." This is a true DevSecOps architect role — you will own the security of the entire software delivery lifecycle.
What You'll Actually Do
🛡 CI/CD Security
Implement SAST/DAST, vulnerability scanning, dependency auditing, and artifact signing
Build SLSA Level 3–4 compliance (provenance, SBOM, attestations)
Secure the software supply chain from commit to production
☁️ AWS Security & Hardening
Manage IAM, Security Groups, AWS Organizations, GuardDuty, WAF, Inspector
Apply security-by-design principles to Infrastructure as Code (AWS CDK / Terraform)
Design multi-account logging, auditing, and centralized security monitoring
🕵️ Incident Response & Observability
Lead security incident investigations, coordinate remediation, and run post-mortems
Monitor security events and system health via GuardDuty, Security Hub, DataDog/Sentry, CloudWatch
📦 Dependency & Registry Security
Control third-party dependencies, enforce package registry security policies
Automate vetting of new libraries and prevent vulnerable components from reaching production
🤝 DevSecOps Culture
Conduct security reviews and threat modeling with dev teams
Promote secure coding practices through education and automation
Write security policies and automate compliance checks
Who We're Looking For
✅ 5+ years of experience in DevOps / SRE / Cloud Engineering
✅ Deep AWS expertise — not just "launched EC2," but designed complex multi-account environments
✅ Production-grade IaC experience (AWS CDK / Terraform / Pulumi)
✅ Hands-on with security in CI/CD (GitHub Actions / GitLab CI / Jenkins + vulnerability scanners)
✅ Understanding of software supply chain security: SLSA, SBOM, Sigstore/Cosign — experience or ability to ramp up quickly
✅ Comfortable leading incident investigations and finding root causes
✅ Speaks the same language as developers — can persuade, not just enforce
Strong plus:
Experience with compliance audits (SOC2, ISO 27001, PCI DSS)
Familiarity with OPA, Kyverno, Falco
Python / Go skills for building custom security tooling
Startup / product company background (small teams, high ownership)
#DevSecOps #AWS #CI/CD #SLSA #SupplyChainSecurity #EU #Remote #Hiring #InfrastructureAsCode #DevOps #CloudSecurity
🌍 Location: EU (Remote)
💵 Rate: $30/hour
⏱️ Format: Full-time / Contract
About the Project
We are building a secure, scalable cloud platform that meets high compliance standards (SLSA Level 3–4).
We need an engineer who will embed security into the CI/CD pipeline, harden AWS infrastructure, and help us pass security audits and certifications.
This is not just "DevOps with a security twist." This is a true DevSecOps architect role — you will own the security of the entire software delivery lifecycle.
What You'll Actually Do
🛡 CI/CD Security
Implement SAST/DAST, vulnerability scanning, dependency auditing, and artifact signing
Build SLSA Level 3–4 compliance (provenance, SBOM, attestations)
Secure the software supply chain from commit to production
☁️ AWS Security & Hardening
Manage IAM, Security Groups, AWS Organizations, GuardDuty, WAF, Inspector
Apply security-by-design principles to Infrastructure as Code (AWS CDK / Terraform)
Design multi-account logging, auditing, and centralized security monitoring
🕵️ Incident Response & Observability
Lead security incident investigations, coordinate remediation, and run post-mortems
Monitor security events and system health via GuardDuty, Security Hub, DataDog/Sentry, CloudWatch
📦 Dependency & Registry Security
Control third-party dependencies, enforce package registry security policies
Automate vetting of new libraries and prevent vulnerable components from reaching production
🤝 DevSecOps Culture
Conduct security reviews and threat modeling with dev teams
Promote secure coding practices through education and automation
Write security policies and automate compliance checks
Who We're Looking For
✅ 5+ years of experience in DevOps / SRE / Cloud Engineering
✅ Deep AWS expertise — not just "launched EC2," but designed complex multi-account environments
✅ Production-grade IaC experience (AWS CDK / Terraform / Pulumi)
✅ Hands-on with security in CI/CD (GitHub Actions / GitLab CI / Jenkins + vulnerability scanners)
✅ Understanding of software supply chain security: SLSA, SBOM, Sigstore/Cosign — experience or ability to ramp up quickly
✅ Comfortable leading incident investigations and finding root causes
✅ Speaks the same language as developers — can persuade, not just enforce
Strong plus:
Experience with compliance audits (SOC2, ISO 27001, PCI DSS)
Familiarity with OPA, Kyverno, Falco
Python / Go skills for building custom security tooling
Startup / product company background (small teams, high ownership)
#DevSecOps #AWS #CI/CD #SLSA #SupplyChainSecurity #EU #Remote #Hiring #InfrastructureAsCode #DevOps #CloudSecurity
Будьте осторожны: если работодатель просит войти в их систему, используя iCloud/Google, прислать код/пароль, запустить код/ПО, не делайте этого - это мошенники. Обязательно жмите "Пожаловаться" или пишите в поддержку. Подробнее в гайде →
Текст вакансии взят без изменений
Источник -
Похожие вакансии
20 часов назад
Senior Cybersecurity DevSecOps Engineer (Cybersecurity/DevOps)
141 800 - 173 300$
50 минут назад
Devsecops Engineer (Medtech)
100 000€
3 дня назад
Senior Software Engineer (Infrastructure)
Юникорн
2 дня назад
Senior Security Engineer / DevSecOps
150 000 - 250 000₽
6 дней назад
Senior DevSecOps Engineer
1 день назад