DevSecOps Security Consultant

Mindbox is a tech-driven company connecting top IT talents with technology projects for leading enterprises across Europe, focusing on consulting, engineering, and talent development.

• Proven experience in cybersecurity within large, regulated organizations.
• Deep understanding of CI/CD systems, build tools, artifact repositories, runtime environments, and developer tools.
• Advanced knowledge of DevSecOps practices, including pipeline security and automation of security controls.
• Experience in threat modeling, platform-level security assessments, and security gap remediation.
• Familiarity with cryptography, vulnerability management, and application/network security.
• Strong skills in stakeholder management and driving alignment across distributed technology teams.
• Ability to articulate technical risk in business language.

Preferred:

• Certifications such as CISSP, CISM, CCSP, CCSK.
• Knowledge of Cloud Security (AWS, GCP, Azure) and container orchestration (Kubernetes).
• Experience with supply chain security frameworks (SLSA, SBOM) and secure developer tooling.

• Develop an Engineering-Platform Cybersecurity Maturity Framework for standardized assessments.
• Conduct security assessments of CI/CD pipelines, runtime environments, build infrastructures, and developer tools against the framework.
• Perform threat modeling, gap analysis, and identify systemic vulnerabilities impacting code integrity and workload security.
• Define and enforce secure architecture patterns, policy-as-code, and automated security controls.
• Partner with platform owners to remediate critical gaps and implement scalable solutions for secure artifact integrity, access management, and configuration hardening.
• Integrate vulnerability management, SBOM generation, provenance, and code-signing into DevOps workflows.
• Build security roadmaps balancing quick wins and long-term improvements.
• Prioritize initiatives based on business risk and compliance requirements.
• Serve as a trusted cybersecurity advisor to platform owners, engineering teams, and senior leadership.
• Influence adoption of secure engineering practices across federated teams.
• Track maturity metrics and drive measurable security improvements.
• Evolve frameworks based on emerging threats, technology shifts, and regulatory changes.