DevSpeak Jobs
Teramind logo
Teramind

Manager, DevSecOps Engineering

🕐 29 dias atrás📍 Romania🌍 Remoto

Key Responsibilities

  • Security in the SDLC
  • Own and enforce DevSecOps practices across CI/CD pipelines (SAST, DAST, SCA, and other practices)
  • Integrate automated security tooling into development workflows; reduce manual security gates
  • Partner with development teams to perform secure code reviews and threat modeling

Vulnerability & Risk Management

  • Drive vulnerability identification, triage, and remediation across infrastructure and applications
  • Manage security tooling stack
  • Produce and maintain a risk register; track remediation SLAs

Penetration Testing, Crowd Testing & Incident Response

  • Lead or coordinate internal/external penetration testing cycles
  • Manage crowd testing campaigns
  • Develop and maintain an incident response playbook; support incident investigations

Compliance & Governance

  • Support compliance with SOC 2, ISO 27001, GDPR, and relevant data protection frameworks
  • Define and enforce security policies, standards, and developer security training

Leadership & Collaboration

  • Act as the primary security SME for the engineering organization
  • Mentor developers on secure coding practices; build a security-first engineering culture
  • Interface with external auditors, clients, and the executive team on security posture

Requirements

  • 5+ years of experience in DevSecOps, application security, or security engineering
  • Demonstrated experience managing security in software development environments (not just ops/infrastructure)
  • Strong development background, proficiency in at least 1 language (e.g., Python, Go, Java, C#)
  • Hands-on experience with CI/CD security tooling (SAST/DAST/SCA integration, secrets management)
  • Experience with cloud security (AWS, Azure, or GCP) and container security (Docker, Kubernetes)
  • Familiarity with SOC 2 or ISO 27001 compliance frameworks
  • Excellent English communication skills (written and verbal)

Preferred/Nice to Have

  • Penetration testing experience or relevant certification (OSCP, CEH, GPEN)
  • Security certifications (CISSP, CSSLP, AWS Security Specialty, or similar)
  • Experience at a B2B SaaS or cybersecurity product company
  • Familiarity with insider threat, DLP, or endpoint security product domains

🇧🇷 Essa vaga exige inglês. Você está pronto?

A DevSpeak Academy prepara desenvolvedores brasileiros para conquistar vagas internacionais. Domine o inglês técnico com professores que entendem o mundo dev.

Conheça a DevSpeak Academy