DevSecOps & Application Security Lead
Europe | Full-time
Responsibilities
- Build the DevSecOps/AppSec function from scratch and define the roadmap, KPIs, and metrics for leadership
- Create secure development processes, including release security gates and vulnerability management
- Choose, configure, and integrate security scanners (SAST, SCA, secrets) with a focus on automation and AI-assisted workflows
- Integrate security checks into pipelines and development processes together with Engineering, DevOps, and Product teams
- Run threat modeling and security reviews for high-risk systems and major architecture changes
- Create clear security standards, checklists, and practical guidelines for developers (covering code, APIs, and secrets)
- Launch and grow a Security Champions program to involve engineers in security processes
- Help investigate incidents related to application vulnerabilities, leaked secrets, and supply-chain attacks
Requirements
- 5+ years of experience in DevOps, SRE, Platform Engineering, or related infrastructure/security roles
- 3+ years focused on DevSecOps and Application Security
- 1+ years in a lead/ownership role
- Deep understanding of modern software development, Git workflows, and hands-on experience integrating security checks into CI/CD pipelines without creating bottlenecks
- Practical experience with SAST, SCA, secrets scanning, and vulnerability management (triage, risk rating, remediation, and validation)
- Ability to select and scale security tools based on accuracy, false-positive rates, and developer experience
- Strong knowledge of web/API/mobile risks (OWASP Top 10, auth, supply-chain risks) and ability to run threat modeling and secure design reviews
- Good scripting skills (Python, Bash, or similar) and understanding of cloud-native/containerized environments
- Ability to write clear security requirements and guidelines for developers
- English at Intermediate level or higher
Will be a plus
- Experience building AppSec/DevSecOps functions from scratch or early maturity stages
- Hands-on experience with tools like Snyk, Aikido, Semgrep, Trivy, Gitleaks, GitHub/GitLab Security, or SonarQube
- Experience with cloud/IaC security, Kubernetes, and mobile app security
- Knowledge of compliance standards (SOC 2, ISO 27001, PCI DSS, DORA) and experience with Bug Bounty or pentest coordination
- Experience with Security Champions programs and AI-assisted security tools
We offer
- 20 paid vacation days per year
- 10 paid sick leave days per year
- Public holidays as per the company's approved public holiday list
- Medical budget
- Opportunity to work remotely
- Professional education budget
- Language learning budget
- Wellness budget (gym membership, sports gear and related expenses)