DevSecOps, Krakow

LotusFlare is a company operating a cloud native Digital Network Operator stack. The role is based in Krakow, Poland, at Aleja Pokoju 18 (Fabryczna Office Park).

• 3+ years of DevOps or DevSecOps experience
• Experience securing CI/CD pipelines
• Familiarity with modern DevSecOps tooling (SAST, DAST, SCA, IaC scanning)
• Cloud-native infrastructure stack experience with tools like Terraform and Ansible
• Experience in implementation of security controls and familiarity with SCAP and continuous security monitoring solutions
• Knowledge of Network Security Concepts, Linux System Security and System Hardening, Data Classification and Data Security Concepts
• Ability to analyze and resolve complex infrastructure resource and application deployment issues
• Minimum Intermediate level of English

Nice to have:

• Cloud Security, particularly AWS
• Experience with intrusion detection solutions and web application firewalls/L7 proxies
• Experience in Server Application security concepts and security controls
• Hands-on experience with Qualys
• Scripting and automation skills in Python, Go, and similar languages
• Understanding of user access controls, SSO, user profile integrity, and access management controls

• Actively manage the security of the cloud-native runtime environment
• Clearly and promptly communicate and negotiate security technical topics with both technical and non-technical audiences
• Drive security improvements to production cloud environments
• Perform targeted offensive security testing
• Implement continuous monitoring systems and tools to automatically identify potential security issues at the code, application, and infrastructure layers
• Review code and other production changes to maintain security standards
• Stay current on emerging security threats, vulnerabilities, and controls for the cloud
• Work with backend engineering teams on architecting, profiling, and monitoring high-performance, high availability product components as microservices
• Evolve the infrastructure and keep the stack up to date with the latest technologies