DevSecOps Engineer
Published on: 1767744000

At Cyclad, we work with top international IT companies to boost their potential in delivering outstanding, cutting-edge technologies that shape the world of the future. We are currently looking for a DevSecOps Engineer to join our team.

 

Project information:

  • Location: Kraków (Hybrid work model, 5 days per month from the office)
  • Remuneration: up to 140 net + VAT per hour on B2B
  • Type of employment: B2B contract
  • Project language: English

 

Your tasks:

  • Designing and maintaining Groovy-based Jenkins pipeline steps (build, test, package, scan, deploy)
  • Extending Python tooling to support:
    • SLSA provenance
    • SBOM generation (CycloneDX)
    • Hash/digest accuracy
    • Aggregation of security scan results (SonarQube, Sonatype IQ, SAST, container scans)
  • Optimizing CI/CD performance through:
    • Parallel builds
    • Intelligent caching
    • Dependency prefetching
    • Scope-reduced BOMs
  • Ensuring artifact integrity and traceability:
    • Correct SHA1/SHA256 mapping
    • Reproducible inputs
    • Evidence and metadata modeling
  • Refactoring legacy pipeline scripts:
    • Removing global state
    • Consolidating hashing logic
    • Standardizing pipeline templates
  • Documenting CI standards and best practices 
  • Mentoring engineers on secure pipeline development and software supply-chain security
  • Troubleshooting, preventing, and resolving CI/CD pipeline incidents

Requirements:

  • 7+ years of engineering experience, including 3+ years in CI/CD platform engineering or DevSecOps
  • Strong expertise in Jenkins and Groovy shared libraries
  • Advanced Python automation skills (JSON/YAML processing, tooling scripts)
  • Deep knowledge of Maven, NPM, and Python packaging
  • Hands-on experience with Helm, Terraform, and container image metadata
  • Solid understanding of software supply-chain security (SLSA, CycloneDX SBOM, cryptographic digests)
  • Experience with security and quality scanning tools:
    • SonarQube
    • Sonatype IQ
    • SAST and container scanning
  • Proven experience in CI/CD performance tuning (caching, parallelization, dependency pruning)
  • Awareness of compliance and security standards

 

Nice to have:

  • Artifact signing and attestations (e.g. cosign, OCI)
  • Experience publishing Terraform modules and Helm charts
  • GitOps or release automation experience
  • Cloud experience with AWS and/or GCP

 

We offer:

  • Private medical care with dental care (covering 70% of costs) + rehabilitation package. Family package option possible.
  • Multisport card (also for an accompanying person).
  • Life insurance.
  • Work with talented engineers on large-scale, technically challenging
