DevSecOps

Software Mind

full-time

Posted on: 9/11/2025

Origin: • 🇵🇱 Poland

✨ AI Apply

Mid-LevelSenior

AWSCloudGoogle Cloud PlatformGrafanaKubernetesPrometheusTerraformVault

About the role

Partner with platform, SRE, and application Teams to identify and deliver security improvements in existing GCP & AWS estates
Implement guardrails and secure defaults (IAM least privilege, org policies/SCPs, encryption, secrets) as reusable patterns
Embed scanning and supply-chain controls in CI/CD (SAST/DAST, image & secret scanning, SBOMs)
Strengthen container and Kubernetes security (GKE/EKS) with admission, runtime, and network policies
Build actionable logging, monitoring, and alerting (Cloud Logging/CloudWatch, Prometheus/Grafana, ELK/OpenSearch)
Design and deliver changes as Terraform (modules, testing, pipelines, policy-as-code)
Contribute to incident response playbooks and post-incident improvements

4+ years in DevSecOps/Cloud Security/Platform roles across GCP & AWS
Practical Terraform expertise (HCL, modules, state, testing) and an "everything as code" mindset
Strong knowledge of IAM, network security, encryption, secrets, and logging/monitoring
Experience securing containers and Kubernetes (GKE/EKS), including admission & network policies
Hands-on with vulnerability, dependency, and secret scanning; familiarity with SBOMs
Ability to collaborate across teams and communicate clearly in English (B2+)
Based in the EU (remote) or open to work from our PL offices; readiness for standard background checks if required
Google Cloud certifications – Professional Cloud Security Engineer; DevOps Engineer; Cloud Architect (advantage)
AWS certifications – Security (Specialty), Solutions Architect, DevOps Engineer (advantage)
Policy-as-code (OPA/Gatekeeper/Kyverno), secret management (Vault), image signing/provenance (sigstore/cosign) (advantage)
Experience with GitOps, cost-aware security, and platform enablement (advantage)