The Senior DevSecOps/DevOps Engineer is responsible for integrating security best practices into our DevOps platforms and product environments. This role operates independently from delivery ownership to ensure objective risk identification, reporting, and mitigation.

You will collaborate closely with DevOps, engineering, and product teams to promote secure development practices while maintaining transparency and governance over security risks.

1. Vulnerability Management – DevOps Platforms

Track and follow vulnerabilities related to:
- CI/CD tools (e.g. Jenkins, GitLab, wiki, agents)
- Container platforms and base images
- OS packages, middleware, and supporting services
Coordinate patching and remediation with DevOps engineers
Maintain a central vulnerability follow-up list (with severity and status)

2. Security & Network Review

Review and document:
- Cloud and on-prem network architecture
- Firewall rules, NAT rules, VPNs, access paths
- CI/CD system access and segregation of duties
Identify security gaps and improvement opportunities
Propose remediation actions and track closure

3. Security Standards & Best Practices

Promote and enforce secure coding standards
Assist development teams in implementing security controls
Integrate security testing into CI/CD pipelines (SAST, DAST, dependency scanning)
Contribute to security documentation and internal guidelines

4. Reporting & Governance

Maintain clear reporting of security risks and remediation status
Provide visibility into security posture across platforms and products
Escalate critical risks appropriately
Ensure security assessments remain independent from delivery timelines

Required Qualifications

Technical Skills
- Understanding of DevOps practices and CI/CD workflows
- Knowledge of application and infrastructure security principles
- Familiarity with vulnerability management tools
- Basic understanding of cloud platforms (AWS, Azure, GCP, SAP BTP)
- Awareness of container technologies (Docker, Kubernetes)
- Understanding of secure coding practices
Soft Skills
- Good English communication required
- Strong analytical and problem-solving skills
- Clear and effective communication abilities
- Ability to collaborate cross-functionally
- High level of integrity and objectivity
- Eagerness to learn and grow in the DevSecOps domain

Preferred Qualifications

Experience integrating security tools into CI/CD pipelines
Familiarity with security frameworks (ISO 27001, OWASP, NIST)
Relevant certifications (e.g., Security+, CEH, DevSecOps-related credentials)

15 days of annual leaves
Competitive salary (+13-month salary include)
Health insurance, social insurance according to the government regulations
PVI Healthcare Insurance
Have a chance to work in an international, friendly, open environment
Annual Travel opportunity