Secure Development Analyst (AppSec / DevSecOps)

EPAM Systems · Córdoba

Job description

About the role

We are seeking a Secure Development Analyst to strengthen our DevSecOps capabilities. You will enhance our CI/CD delivery by embedding automated security controls, ensuring the Jenkins + Podman ecosystem runs smoothly, and partnering with engineering teams to reduce risk.

Key responsibilities

  • Operate and evolve DevSecOps infrastructure supporting Veracode scans across Jenkins and Podman.
  • Maintain and improve CI/CD pipelines by adding automated SAST, SCA, DAST, secret scanning, and container image analysis controls.
  • Design security gates that balance risk reduction with developer velocity.
  • Integrate and maintain tooling connections with Bitbucket, SonarQube, and JFrog Artifactory.
  • Triage security findings, prioritize remediation, and guide teams through resolution.
  • Conduct early design and story reviews in agile delivery against defined security standards.
  • Collaborate with development and architecture teams to promote secure coding practices.

Required profile

  • 2+ years of experience in Application Security, DevSecOps, DevOps, or development with a security focus.
  • Hands‑on experience with Jenkins (declarative pipelines, shared libraries) and Podman for containerized build and scan workflows.
  • Strong knowledge of secure development frameworks and standards such as NIST SSDF, OWASP ASVS, OWASP SAMM, OWASP Top 10, SEI CERT, MITRE ATT&CK, and CWE Top 25.
  • Understanding of security testing approaches (SAST, SCA, DAST, IAST, secret scanning) and container ecosystems (Docker, Kubernetes/OpenShift).
  • Familiarity with cloud platforms (AWS, Azure, or GCP) and CIS Benchmarks.
  • Ability to read and analyze source code in Java, Node.js, JavaScript/TypeScript, Python, Go, or .NET.
  • Good communication skills in English (B1+).

Required skills

  • Jenkins
  • Podman
  • Veracode, Checkmarx, Snyk, Semgrep, GitLeaks
  • SAST, SCA, DAST, secret scanning, IAST
  • Bitbucket, SonarQube, JFrog Artifactory
  • Docker, Kubernetes/OpenShift
  • AWS, Azure, GCP
  • Java, Node.js, JavaScript/TypeScript, Python, Go, .NET
  • OIDC, OAuth 2.0, SAML, JWT, mTLS, Keycloak
  • SSL/TLS, PKI, Vault
  • STRIDE, PASTA, attack trees

What we offer

  • International projects with top‑brand clients.
  • Collaboration with global, diverse, highly skilled teams.
  • Healthcare benefits and employee financial programs.
  • Paid time off and additional employee perks.
