
Lead DevSecOps Engineer
Posted May 24

This is a fully remote position, open to applicants in Romania.
• Take ownership and implement DevSecOps practices throughout CI/CD pipelines (SAST, DAST, SCA, and other methodologies)
• Incorporate automated security tools into development processes to minimize manual security checkpoints
• Collaborate with development teams to conduct secure code reviews and threat modeling exercises
• Lead efforts in identifying, triaging, and remediating vulnerabilities across both infrastructure and applications
• Oversee the management of the security tooling stack
• Create and uphold a risk register; monitor remediation service level agreements (SLAs)
• Direct or facilitate internal and external penetration testing cycles
• Organize crowd testing initiatives
• Develop and sustain an incident response playbook; assist in incident investigations
• Ensure compliance with SOC 2, ISO 27001, GDPR, and other relevant data protection standards
• Establish and enforce security policies, standards, and training for developers
• Serve as the primary security subject matter expert (SME) for the engineering team
• Mentor developers on secure coding practices; foster a security-first engineering culture
• Liaise with external auditors, clients, and the executive team regarding security posture
• Over 5 years of experience in DevSecOps, application security, or security engineering
• Proven experience managing security in software development settings (beyond just operations/infrastructure)
• Strong background in development, with proficiency in at least one programming language (e.g., Python, Go, Java, C#)
• Practical experience with CI/CD security tools (including SAST, DAST, SCA integration, and secrets management)
• Knowledge of cloud security (AWS, Azure, or GCP) and container security (Docker, Kubernetes)
• Familiarity with SOC 2 or ISO 27001 compliance frameworks
• Excellent communication skills in English, both written and verbal
Preferred/Nice to Have
• Experience in penetration testing or relevant certifications (OSCP, CEH, GPEN)
• Security-related certifications (CISSP, CSSLP, AWS Security Specialty, or equivalent)
• Background in a B2B SaaS or cybersecurity product organization
• Understanding of insider threat, DLP, or endpoint security product domains
• Competitive salary
• Flexible paid time off policy
• Laptop reimbursement
• Continuous training, development, and opportunities for career advancement
• Opportunity to work with an open stack of technologies, allowing for learning and personal growth
• Engagement with complex problem-solving and active feature development, rather than solely addressing bugs and refactoring
• Collaboration with an innovative team where new ideas flourish, experience is valued, and talent is nurtured, enabling you to make a quick impact.
Work Life Group