About this role
<p><strong><em>This is us</em></strong><em><br><br></em>At Avenga, we believe that human creativity empowers technology that matters. Operating globally, our 6000+ specialists provide a full spectrum of services, including business and tech advisory, enterprise solutions, CX, UX and UI design, managed services, product development, and software development. <br></p><p><strong><em>This is the job</em></strong><br></p><p>We are looking for a <strong>DevSecOps Engineer</strong> to lead security-by-design practices across GitLab CI/CD. You will help enforce application security, compliance, and delivery reliability through automation, vulnerability management, and secure SDLC standards. This role includes transitioning legacy security tools to GitLab-native capabilities and working closely with InfoSec, Cloud Platform, and Product teams.<br><strong><em><br>This is you</em></strong></p><ul><li><p>Proven experience with <strong>GitLab Ultimate security features</strong> and CI/CD administration</p></li><li><p>Hands-on with <strong>SAST, DAST, SCA</strong>, container scanning, and secret detection in automated pipelines</p></li><li><p>Practical experience with SCA tools like <strong>BlackDuck, Nexus Lifecycle, Snyk</strong></p></li><li><p>Familiar with <strong>SonarQube</strong> for code quality</p></li><li><p>Strong scripting/automation skills in <strong>Python, Bash, YAML</strong></p></li><li><p>Solid fundamentals in <strong>container and cloud security</strong> (Docker, Kubernetes, image scanning, registry hardening)</p></li><li><p>Experience with <strong>threat modeling, risk assessment, and remediation planning</strong></p></li></ul><p>Nice-to-have skills:</p><ul><li><p>Relevant certifications: <strong>DevSecOps Professional, CKS, Security+</strong>, or equivalent</p></li><li><p>IaC security tooling experience (<strong>Terraform + OPA, Conftest, Checkov</strong>)</p></li><li><p>Knowledge of <strong>software supply chain security</strong>, including 
<strong>SBOM</strong>, <strong>Cosign</strong>, and <strong>SLSA</strong></p></li><li><p>Familiarity with <strong>DORA metrics</strong> and security KPI reporting</p></li></ul><p><strong><em>This is your role</em></strong></p><ul><li><p>Drive <strong>secure-by-design</strong> guardrails across GitLab CI/CD</p></li><li><p>Implement and maintain <strong>automated security scanning</strong>: SAST, DAST, SCA, container, and secret detection</p></li><li><p>Enforce <strong>policy-as-code</strong> (branch protection, MR approvals, vulnerability gates, artifact signing)</p></li><li><p>Manage <strong>vulnerability lifecycle</strong>: periodic assessments, triage, remediation planning, and tracking to closure</p></li><li><p>Collaborate with engineering and product stakeholders to prioritize security fixes</p></li><li><p>Align controls with <strong>CIS, NIST,</strong> and (if applicable) <strong>GDPR</strong></p></li><li><p>Enable <strong>audit-ready reporting</strong>, <strong>SBOM generation</strong>, and security KPIs in observability dashboards</p></li><li><p>Implement secure <strong>IaC</strong> using Terraform/Ansible and apply least-privilege and zero-trust patterns</p></li><li><p>Harden CI/CD infrastructure: build runners, container images, registries, and deployment targets</p></li><li><p>Champion <strong>shift-left security</strong> via training, playbooks, and standardized toolchains</p></li><li><p>Document security runbooks and contribute to SDLC harmonization standards</p></li></ul><p> </p><p><strong><em>What awaits you at Avenga?</em></strong><em><br><br>At Avenga, everyone matters. We provide equal opportunities in recruitment, career development, and leadership, regardless of race, ethnicity, gender identity, sexual orientation, disability, age, religion, or any other characteristic. We are committed to fostering a work environment where our diverse community of employees, candidates, and business partners actively shapes our growth. 
By bringing together people from different backgrounds and experiences, we build a workplace where everyone feels free to be themselves while honoring the boundaries of others.</em></p>
About Avenga
Avenga is an international consultancy and technology solutions partner creating unique solutions that solve complex business and societal challenges. With 6000+ specialists, they operate globally and provide a full spectrum of services, including business and tech advisory, enterprise solutions, CX, UX and UI design, managed services, product development, and software development. Avenga serves a wide range of industries, from telco and satellite operators to banking, manufacturing, automotive, mobility, and life sciences - driving their AI-first transformation. Our AI capabilities are embedded across all offerings, enabling organizations to drive intelligent automation, accelerate decision-making, and deliver highly personalized user experiences.
Avenga is a part of the technology pillar within the family-owned KKCG Group.