DevSecOps Security Consultant

• Strong experience in cybersecurity within enterprise-scale or highly regulated environments
• Deep understanding of DevSecOps practices and secure software delivery
• Hands-on experience with:
  • CI/CD platforms and build systems
  • Developer tooling and artifact repositories
  • Vulnerability management and security automation
  • Application and network security
  • Threat modelling and risk assessments
• Experience building or implementing security frameworks, maturity models, or transformation roadmaps
• Strong communication and stakeholder management skills
• Ability to work effectively with both technical and non-technical teams

Nice to Have

• Certifications such as CISSP, CISM, CCSP, CCSK, or similar
• Experience with cloud platforms (AWS, Azure, GCP)
• Knowledge of Kubernetes and container security
• Familiarity with software supply chain security, SLSA, SBOM, or secure developer tooling initiatives
• Experience working in international or highly regulated environments

Job Description – Senior DevSecOps / Platform Security Consultant

We are looking for an experienced Senior DevSecOps / Platform Security Consultant to join a global engineering and cybersecurity environment focused on improving security maturity across modern engineering platforms and software delivery processes.

In this role, you will work closely with engineering teams and platform owners to strengthen the security posture of CI/CD pipelines, developer tooling, runtime environments, and software supply chain processes. You will help define secure engineering standards, conduct platform security assessments, and drive secure-by-design practices across large-scale technology environments.

This is an excellent opportunity for a senior cybersecurity professional who combines strong technical expertise with stakeholder management and consulting skills.

Responsibilities

Security Frameworks & Assessments

• Develop and maintain cybersecurity maturity frameworks for engineering platforms
• Conduct security reviews of CI/CD pipelines, build systems, runtime infrastructure, and developer tooling
• Perform threat modelling, risk assessments, and gap analysis
• Identify vulnerabilities and systemic security risks impacting software delivery environments

DevSecOps & Platform Security

• Define and promote secure engineering standards and architecture patterns
• Implement security baselines using policy-as-code and automated controls
• Support engineering teams in improving artifact integrity, access management, and configuration security
• Integrate security practices such as vulnerability management, SBOM, provenance, and code signing into development workflows

Security Roadmaps & Continuous Improvement

• Prioritize security initiatives based on business risk and operational impact
• Build and execute platform security roadmaps together with engineering stakeholders
• Drive continuous improvement of cybersecurity maturity across engineering platforms
• Promote a strong secure-by-design culture through collaboration and knowledge sharing

Stakeholder Management

• Act as a trusted advisor for senior engineering and cybersecurity stakeholders
• Translate technical risks into business impact and actionable recommendations
• Support governance processes and provide visibility into security maturity progress
• Drive alignment and adoption of cybersecurity best practices across distributed teams

Employment Details

• B2B contract
• Hybrid work model – 6 office visits per month
• Office locations: Kraków (preferred) or Warszawa

Benefits

• LuxMed private medical care
• MyBenefit cafeteria platform
• Dedicated Contractor Care support

Requirements: Cybersecurity, CI/CD, Security, Network Security, Stakeholder management, CISSP, CISM, CCSK, Cloud platform, AWS, Azure, GCP, Kubernetes