DevSecOps Service Owner

Transforming the way customers experience mobility, responsibly. Delivering innovation at the speed of life.

• Bachelor’s degree in Computer Science, Cybersecurity, Information Systems, or related field (or equivalent experience).
• Experience in DevOps, DevSecOps, Platform Engineering, or Application Security roles.
• Strong hands-on experience with CI/CD pipelines and modern SDLC practices.
• Demonstrated experience implementing SAST, DAST, SCA, container and artifact scanning, secrets management, and pipeline security controls.
• Experience with cloud platforms (AWS, Azure, or GCP).
• Strong understanding of Agile, DevOps, and secure-by-design principles.
• Experience with incident and service management practices.

Nice to have:

• Experience with enterprise toolchains (e.g., Jira, GitHub, GitHub Actions, ServiceNow).
• Familiarity with DORA metrics and developer productivity frameworks.
• Experience in regulated environments.
• Knowledge of policy-as-code tools (e.g., OPA, Sentinel).
• Security or cloud certifications (e.g., CISSP, CCSP, AWS Security).
• Experience leading platform or shared services teams.
• 5 years of experience in a similar role.
• Proficiency in Polish and English languages.

• Define and maintain the DevSecOps service roadmap aligned with business and security priorities.
• Establish service standards, guardrails, and reference architectures for the DevSecOps platform.
• Embed security controls into CI/CD pipelines and developer workflows.
• Drive adoption of secure coding, SAST, DAST, SCA, secrets scanning, and container security.
• Define and enforce security gates and quality thresholds across the SDLC.
• Ensure high availability, performance, and resilience of DevSecOps tooling and pipelines.
• Define SLAs/SLOs and monitor service health.
• Lead incident management and root cause analysis for platform issues.
• Manage upgrades, capacity planning, and technical debt.
• Ensure DevSecOps processes meet internal security policies and external regulatory requirements.
• Support audit readiness (e.g., SOX, ISO, SOC2).
• Implement access controls, audit logging, and segregation of duties.
• Drive pipeline standardization and reusable automation patterns.
• Reduce manual controls through policy-as-code and infrastructure-as-code.
• Continuously optimize lead time, deployment frequency, and failure rates.
• Act as the primary service owner and escalation point.
• Manage service demand, intake, and prioritization.
• Manage DevSecOps platform budget and forecast.