DevSecOps Security Analyst

Join us, and safeguard our applications with advanced security measures!

Krakow-based opportunity with the possibility to work 100% remotely!

As an DevSecOps Security Analyst, you will be working for our client, a major global financial institution. You will be an integral part of the Secure Development team, contributing to the development and adoption of security utilities and tools. Your role will focus on enhancing the efficiency and security of development teams through hands-on technology use and providing key security recommendations.

Your main responsibilities:

• Developing and adopting security utilities and tools for development teams
• Contributing to the design, development, and support of security tools
• Liaising with developers and project managers to understand application implementations
• Staying updated with industry trends and best practices
• Training and supporting developer and security champion activities
• Overseeing changes in risk profiles through metrics and risk analysis
• Supporting quality reviews, audit requirements, and service desk management
• Integrating and automating various security technologies within DevOps tooling pipelines
• Contributing to process, procedure, and tool identification and development
• Ensuring security mechanisms are effectively employed in applications

You’re ideal for this role if you have:

• Understanding of integration and automation of security technologies (SAST, DAST, MAST, IAST, container security tools) container security tools within DevOps tooling pipeline (Jenkins, GitHub, Chef, Ansible, Nexus, etc.)
• Experience with DevSecOps and a focus on security
• Knowledge of platform-specific security risks and common vulnerabilities
• Understanding of common public cloud environments (AWS, GCP, Azure, Alicloud)
• Proficiency in identifying vulnerabilities within development pipelines
• Knowledge of Common Vulnerability Scoring System (CVSS)
• Experience with collaboration tools, preferably JIRA and Confluence
• Strong analytical skills, including attention to detail and problem-solving
• Knowledge of security flaws in Java, J2EE, Objective C, Swift, and Kotlin programming languages

It is a strong plus if you have:

• Understanding of emerging technologies and corresponding security threats
• Proficiency in one or more industry security tooling (Checkmarx, Invicti(Netsparker), Quokka(Kryptowire), IriusRisk, Aquasec, etc.)
• Experience with mobile application architectures (HTML, XML, JavaScript, JSON, REST, Microservices)

#GETREADY  to meet with us!

We would like to meet you. If you are interested please apply and attach your CV in English or Polish, including a statement that you agree to our processing and storing of your personal data. You can always also apply by sending us an email at recruitment@itds.pl.

Internal number #5345