Senior DevSecOps Engineer
This is us
At Avenga, we believe that human creativity empowers technology that matters. Operating globally, our 6000+ specialists provide a full spectrum of services, including business and tech advisory, enterprise solutions, CX, UX and UI design, managed services, product development, and software development.
This is the job
We are looking for a DevSecOps Engineer to lead security-by-design practices across GitLab CI/CD. You will help enforce application security, compliance, and delivery reliability through automation, vulnerability management, and secure SDLC standards. This role includes transitioning legacy security tools to GitLab-native capabilities and working closely with InfoSec, Cloud Platform, and Product teams.
This is you
- Proven experience with GitLab Ultimate security features and CI/CD administration
- Hands-on with SAST, DAST, SCA, container scanning, and secret detection in automated pipelines
- Practical experience with SCA tools like BlackDuck, Nexus Lifecycle, Snyk
- Familiar with SonarQube for code quality
- Strong scripting/automation skills in Python, Bash, YAML
- Solid fundamentals in container and cloud security (Docker, Kubernetes, image scanning, registry hardening)
- Experience with threat modeling, risk assessment, and remediation planning
Nice-to-have skills:
- Relevant certifications: DevSecOps Professional, CKS, Security+, or equivalent
- IaC security tooling experience (Terraform + OPA, Conftest, Checkov)
- Knowledge of software supply chain security, including SBOM, Cosign, and SLSA
- Familiarity with DORA metrics and security KPI reporting
This is your role
- Drive secure-by-design guardrails across GitLab CI/CD
- Implement and maintain automated security scanning: SAST, DAST, SCA, container, and secret detection
- Enforce policy-as-code (branch protection, MR approvals, vulnerability gates, artifact signing)
- Manage vulnerability lifecycle: periodic assessments, triage, remediation planning, and tracking to closure
- Collaborate with engineering and product stakeholders to prioritize security fixes
- Align controls with CIS, NIST, and (if applicable) GDPR
- Enable audit-ready reporting, SBOM generation, and security KPIs in observability dashboards
- Implement secure IaC using Terraform/Ansible and apply least-privilege and zero-trust patterns
- Harden CI/CD infrastructure: build runners, container images, registries, and deployment targets
- Champion shift-left security via training, playbooks, and standardized toolchains
- Document security runbooks and contribute to SDLC harmonization standards
Required skills and experience
| Skill | Experience |
| --- | --- |
| Security | 6 years |
| GitLab Ultimate | 4 years |
| BlackDuck | 2 years |
| SAST/DAST | 4 years |
| Python | 2 years |
Required languages
| Language | Level |
| --- | --- |
| English | B2 - Upper Intermediate |
| Ukrainian | Native |