Utwórz profil, aby pracodawcy mogli Cię znaleźć, otrzymywać lepiej dopasowane oferty pracy i szybciej aplikować.
  • Wyszukiwanie ofert pracy
  • Zapisane
  • Stwórz CV
    Nowe
  • Wynagrodzenia
  • Subskrypcje

DevSecOps Engineer

1350 - 1450 zł / dziennie
Pełny etat

Mindbox Sp. z o.o.

Kraków

  • 7+ years of engineering experience , with 3+ years focused on CI/CD platforms or DevSecOps.
  • Solid expertise in Jenkins, Kubernetes (K8s) and Groovy Shared Libraries .
  • Advanced Python automation scripting (JSON/YAML processing, CLI tooling).
  • Strong understanding of Maven, NPM, Python packaging ; familiarity with Helm, Terraform, and container metadata.
  • Hands-on experience with supply-chain security , including SLSA frameworks, SBOM formats (CycloneDX), and cryptographic digests.
  • Security tools knowledge: SonarQube, Sonatype IQ, SAST, container scanning .
  • Proven track record in performance optimization of CI/CD pipelines.
  • Awareness of compliance and secure coding practices.

Nice-to-Have

  • Experience with artifact signing/attestations (e.g., cosign, OCI standards).
  • Hands-on knowledge of publishing Terraform modules and Helm charts.
  • Exposure to GitOps or automated release management.
  • Proficiency with major cloud providers, especially GCP or AWS .

Joining this project you’ll become part of Mindbox – a tech-driven company where consulting, engineering, and talent meet to build meaningful digital solutions. We’ll back you up every step of the way, accelerate your development, and ensure your skills make a difference.  

At Mindbox we connect top IT talents with technology projects for leading enterprises across Europe.  

Are you passionate about secure, high-performance CI/CD systems and cutting-edge DevSecOps practices? We are looking for a DevSecOps Engineer to own and evolve our Jenkins Shared Library, which powers multi-language builds including Java/Maven, Node/NPM, Python, Helm, Terraform, and container images.

Your work will strengthen supply-chain integrity, deliver secure, provenance-rich pipelines (SLSA, SBOM, digests), and ensure a seamless developer experience across teams.

Sounds like your kind of challenge? 

#LI-Hybrid

What you get in return

  • Flexible cooperation model – choose the form that suits you best
    (B2B, employment contract, etc.)
  • Hybrid work setup – 6 days per month in the office in Kraków 
  • Collaborative team culture – work alongside experienced professionals eager to share knowledge 
  • Continuous development – access to training platforms and growth opportunities 
  • Comprehensive benefits – including Interpolska Health Care, Multisport card, Warta Insurance, and more 
  • High quality equipment – laptop and essential software provided 
,[Design and maintain Groovy pipeline steps for build, test, package, scan, and deploy workflows., SLSA provenance and SBOM generation, Hash/digest validation, Security scan aggregation (SonarQube, Sonatype IQ, SAST, Container scans), Optimize pipeline performance (parallel builds, caching, reduced BOM scope, dependency prefetch)., Guarantee artifact integrity through SHA1/SHA256 mapping and evidence modeling., Refactor legacy scripts for maintainability and standardization., Document ci-config.yaml patterns and enforce best practices., Mentor engineers on secure pipeline development and compliance practices., Troubleshoot and proactively prevent pipeline-related incidents.] Requirements: Jenkins, Kubernetes, K8s, Groovy, Python, JSON, YAML, CLI, Maven, npm, Helm, Terraform, Security, SonarQube, SAST, CI/CD, Terraform modules, Helm Charts, Cloud, GCP, AWS
Oferta pracy dodana 27 dni temu