Job Description
SALARY
Negotiable
RESPONSIBILITIES
Design and implement secure CI/CD pipelines using tools such as Jenkins, GitLab CI, GitHub Actions, CircleCI, or AWS CodePipeline, integrating automated security testing (e.g., SAST - Static Application Security Testing, DAST - Dynamic Application Security Testing, SCA - Software Composition Analysis).
Integrate security into all stages of the SDLC (shift-left security), including threat modeling, vulnerability scanning, and secrets management.
Monitor and analyze security risks in the CI/CD process, address vulnerabilities promptly, and ensure compliance with standards such as OWASP Top 10, OWASP MASVS, CIS Controls, and organizational compliance requirements.
Vulnerability Management & Pen-Testing – Run vulnerability scans, conduct red/blue-team or penetration tests, document risk ratings, and track closure of findings.
Collaborate with teams to automate security testing, conduct penetration testing, and continuously improve the DevSecOps process to accelerate development while ensuring software security.
Build and maintain Infrastructure as Code (IaC) with Terraform or Ansible, ensuring security for containerized environments (Docker, Kubernetes).
Develop regular reports on security performance and compliance levels within the CI/CD process.
REQUIREMENTS
Knowledge of conducting regular vulnerability assessments of systems to prevent security incidents.
Knowledge of penetration testing, networking, system administration, and operating systems.
At least 1–3 years of experience in DevOps or DevSecOps, with a strong focus on building CI/CD pipelines and integrating security into the SDLC.
Hands-on experience in deploying and using open-source security tools such as SonarQube, Trivy, OWASP ZAP, GitLeaks, Semgrep, Checkov, and similar solutions.
Strong knowledge of container security and scripting languages (Python, Bash, Go) for process automation.
Experience in highly regulated industries requiring strong security practices, such as finance.
BENEFITS
Receive all benefits under the company compensation policy (premium health care insurance, annual travel, etc.).
Friendly, dynamic working environment with support for career development.
Join training courses organized by the company.
Many other benefits when joining us.
Employment type
Full-time
Salary
Negotiable