DevSecOps Security Consultant

Experienced Senior DevSecOps / Platform Security Consultant role in a global engineering and cybersecurity environment focused on improving security maturity across modern engineering platforms and software delivery processes.

• Strong experience in cybersecurity within enterprise-scale or highly regulated environments
• Deep understanding of DevSecOps practices and secure software delivery
• Hands-on experience with CI/CD platforms and build systems, developer tooling and artifact repositories, vulnerability management and security automation, application and network security, threat modelling and risk assessments
• Experience building or implementing security frameworks, maturity models, or transformation roadmaps
• Strong communication and stakeholder management skills
• Ability to work effectively with both technical and non-technical teams

Nice to have:

• Certifications such as CISSP, CISM, CCSP, CCSK, or similar
• Experience with cloud platforms (AWS, Azure, GCP)
• Knowledge of Kubernetes and container security
• Familiarity with software supply chain security, SLSA, SBOM, or secure developer tooling initiatives
• Experience working in international or highly regulated environments

Security Frameworks & Assessments:

• Develop and maintain cybersecurity maturity frameworks for engineering platforms
• Conduct security reviews of CI/CD pipelines, build systems, runtime infrastructure, and developer tooling
• Perform threat modelling, risk assessments, and gap analysis
• Identify vulnerabilities and systemic security risks impacting software delivery environments

DevSecOps & Platform Security:

• Define and promote secure engineering standards and architecture patterns
• Implement security baselines using policy-as-code and automated controls
• Support engineering teams in improving artifact integrity, access management, and configuration security
• Integrate security practices such as vulnerability management, SBOM, provenance, and code signing into development workflows

Security Roadmaps & Continuous Improvement:

• Prioritize security initiatives based on business risk and operational impact
• Build and execute platform security roadmaps together with engineering stakeholders
• Drive continuous improvement of cybersecurity maturity across engineering platforms
• Promote a strong secure-by-design culture through collaboration and knowledge sharing

Stakeholder Management:

• Act as a trusted advisor for senior engineering and cybersecurity stakeholders
• Translate technical risks into business impact and actionable recommendations
• Support governance processes and provide visibility into security maturity progress
• Drive alignment and adoption of cybersecurity best practices across distributed teams

• B2B contract
• Hybrid work model with 6 office visits per month
• Office locations: Kraków (preferred) or Warszawa
• Only candidates able to work hybrid in Poland considered