Senior Cybersecurity SME / DevSecOps Consultant

We are looking for an experienced Senior Cybersecurity SME / Consultant to support the security maturity of engineering platforms, CI/CD ecosystems, cloud infrastructure, and developer tooling within a large-scale regulated environment. This role combines cybersecurity consulting, DevSecOps, platform security, and stakeholder engagement across global engineering teams.

• Strong experience in Cybersecurity, DevSecOps, Platform Security, or Security Engineering roles
• Deep understanding of CI/CD pipelines, cloud-native platforms, Kubernetes/container environments, developer tooling and runtime infrastructure
• Hands-on experience with threat modelling, security assessments, vulnerability management, secure SDLC / DevSecOps practices
• Experience with AWS, Azure and/or GCP
• Strong knowledge of application security, cloud security, network security, and security automation
• Experience working in enterprise or regulated environments
• Strong communication and stakeholder management skills

Nice to have:

• Experience with SLSA, SBOM, supply chain security
• Security certifications such as CISSP, CISM, CCSP
• Financial services or fintech background preferred

• Conduct security assessments of CI/CD pipelines, build systems, runtime environments, and developer platforms
• Perform threat modelling, gap analysis, and identify security risks across engineering ecosystems
• Define secure engineering standards, security baselines, and policy-as-code controls
• Support implementation of secure-by-design practices across cloud and platform environments
• Drive security improvements related to:
  • vulnerability management
  • software supply chain security
  • SBOM
  • code-signing
  • artifact integrity
  • access and configuration security
• Build and support security roadmaps with engineering and platform teams
• Act as a trusted advisor for engineering leadership and security stakeholders

Hybrid working: 6 days a month at the office in Kraków