Senior DevSecOps Engineer

EPAM·Hungary·Удалённо, Офис·6д. назад

We are seeking a Senior DevSecOps Engineer with strong experience in platform or infrastructure engineering and a solid foundation in application security. This role focuses on designing, building, and operating scalable enterprise platforms that enable seamless integration, orchestration, and management of SAST (Static Application Security Testing) tooling. You will work within cloud-native environments and Kubernetes, driving automation, improving developer experience, and ensuring secure, compliant, and reliable security tooling at scale.

Responsibilities

Design, build, and maintain scalable platforms supporting enterprise SAST tooling
Integrate security scanning capabilities into CI/CD pipelines to enable secure SDLC practices
Develop and optimise platform architecture for performance, scalability, and reliability
Automate deployment, configuration, and operational workflows using Infrastructure as Code
Enable secure and efficient consumption of SAST services by engineering teams
Implement platform hardening, including access control, secrets management, and compliance enforcement
Ensure observability through logging, monitoring, and alerting for platform and scanning services
Collaborate with engineering and security teams to improve developer enablement and security adoption
Manage and operate cloud-native infrastructure and Kubernetes environments
Support continuous improvement of platform capabilities, integrations, and automation frameworks

Requirements

3+ years of experience in platform engineering or infrastructure engineering
Solid understanding of application security principles and secure SDLC practices
Experience building or supporting platforms for security tooling, ideally SAST
Hands-on experience with Cloud technologies and Kubernetes
Proven experience integrating security tools into CI/CD pipelines
Strong knowledge of Infrastructure as Code and automation tools such as Terraform or Helm
Good scripting skills and strong troubleshooting and problem-solving capabilities
Fluent English communication skills at a B2+ level

Nice to have

Experience with GitHub Actions or similar CI/CD orchestration tools
Knowledge of secrets management solutions (e.g., HashiCorp Vault or cloud-native alternatives)
Experience with monitoring and observability tools (e.g., Prometheus, Grafana, Cloud Monitoring)
Exposure to compliance frameworks and enterprise security requirements
Experience with additional application security domains (e.g., DAST, SCA)
Understanding of service integration patterns and platform engineering best practices