Company hidden
2 days ago

DevSecOps & Application Security Lead

Work format
remote (Europe only)
Employment type
fulltime
Grade
lead
English
b2
Vacancy from the Hirify Global list of international tech companies

Job description

TL;DR

DevSecOps & Application Security Lead (DevSecOps/AppSec): Building the DevSecOps and Application Security function from scratch, including roadmaps, KPIs, and secure development processes with an emphasis on automation and AI-assisted workflows. Focus on integrating security scanners into CI/CD pipelines, running threat modeling for high-risk systems, and establishing a Security Champions program.

Location: Remote within Europe

Company

hirify.global is a financial services provider specializing in online trading.

What you will do

  • Build the DevSecOps/AppSec function from scratch, creating the strategic roadmap, KPIs, and metrics for leadership.
  • Develop secure development processes, including release security gates and comprehensive vulnerability management.
  • Configure and integrate security scanners (SAST, SCA, secrets) with a focus on automation and AI-assisted workflows.
  • Collaborate with Engineering, DevOps, and Product teams to integrate security checks directly into CI/CD pipelines.
  • Conduct threat modeling and security reviews for high-risk systems and major architectural changes.
  • Launch a Security Champions program and create practical security standards and guidelines for developers.

Requirements

  • 5+ years of experience in DevOps, SRE, or Platform Engineering.
  • 3+ years of dedicated focus on DevSecOps and Application Security.
  • 1+ years of experience in a lead or ownership role.
  • Deep expertise in Git workflows and integrating security tools into CI/CD without creating bottlenecks.
  • Strong knowledge of OWASP Top 10, API/mobile risks, and the ability to perform secure design reviews.
  • English: Intermediate+ (B2) or higher required.

Nice to have

  • Experience with tools such as Snyk, Aikido, Semgrep, Trivy, Gitleaks, or SonarQube.
  • Knowledge of compliance standards including SOC 2, ISO 27001, PCI DSS, or DORA.
  • Hands-on experience with Kubernetes, Cloud/IaC security, and mobile app security.
  • Experience coordinating Bug Bounty programs or external penetration tests.

Culture & Benefits

  • 20 days of paid annual vacation and 10 days of paid sick leave.
  • Dedicated budgets for medical expenses, professional education, and language learning.
  • Wellness budget covering gym memberships and sports gear.
  • Flexible remote work arrangements within the specified region.
  • Public holidays according to the company's approved calendar.
