Himalayas Remote / WFH Teknologi & IT Full Time

DevSecOps & Application Security Lead

JustMarkets

Australia, Canada, Denmark, France, Germany, Netherlands, Sweden, United Kingdom, United States Gaji dirahasiakan Diposting 1 hari lalu
Lokasi Australia, Canada, Denmark, France, Germany, Netherlands, Sweden, United Kingdom, United States
Gaji Gaji dirahasiakan
Tipe Kerja Full Time · Remote
Negara Jerman

Deskripsi Pekerjaan

Informasi lengkap tentang posisi dan persyaratan

Ringkasan Yukerja

Lowongan DevSecOps & Application Security Lead di JustMarkets kami kurasi dari Himalayas (kategori Teknologi & IT). Posisi ini ditandai sebagai remote — pastikan timezone dan syarat lokasi kandidat di deskripsi resmi. Yukerja.com bukan pemberi kerja — lamaran diproses di situs sumber resmi.

We are looking for a DevSecOps and Application Security Lead to join our team and build our application security from scratch. In this role, you will lead the security direction within our department, focusing on integrating security into the software development process. By balancing automation with practical DevSecOps practices, you will help our engineering teams find and fix vulnerabilities early, ensuring our products are safe and strong without slowing down development.

Responsibilities

  • Build the DevSecOps/AppSec function from scratch, and create the roadmap, KPIs, and metrics for leadership
  • Create secure development processes, including release security gates and vulnerability management
  • Choose, configure, and integrate security scanners (SAST, SCA, secrets) with a focus on automation and AI-assisted workflows
  • Integrate security checks into pipelines and development processes together with Engineering, DevOps, and Product teams
  • Run threat modeling and security reviews for high-risk systems and major architecture changes
  • Create clear security standards, checklists, and practical guidelines for developers (covering code, APIs, and secrets)
  • Launch and grow a Security Champions program to involve engineers in security processes
  • Help investigate incidents related to application vulnerabilities, leaked secrets, and supply-chain attacks

Requirements

  • 5+ years of experience in DevOps, SRE, Platform Engineering, or related infrastructure/security roles
  • 3+ years focused on DevSecOps and Application Security
  • 1+ years in a lead/ownership role
  • Deep understanding of modern software development, Git workflows, and hands-on experience integrating security checks into CI/CD pipelines without creating bottlenecks
  • Practical experience with SAST, SCA, secrets scanning, and vulnerability management (triage, risk rating, remediation, and validation)
  • Ability to select and scale security tools based on accuracy, false-positive rates, and developer experience
  • Strong knowledge of web/API/mobile risks (OWASP Top 10, auth, supply-chain risks) and ability to run threat modeling and secure design reviews
  • Good scripting skills (Python, Bash, or similar) and understanding of cloud-native/containerized environments
  • Ability to write clear security requirements and guidelines for developers
  • English - Intermediate+ or higher

Nice to Have

  • Experience building AppSec/DevSecOps functions from scratch or early maturity stages
  • Hands-on experience with tools like Snyk, Aikido, Semgrep, Trivy, Gitleaks, GitHub/GitLab Security, or SonarQube
  • Experience with cloud/IaC security, Kubernetes, and mobile app security
  • Knowledge of compliance standards (SOC 2, ISO 27001, PCI DSS, DORA) and experience with Bug Bounty or pentest coordination
  • Experience with Security Champions programs and AI-assisted security tools

We offer

  • 20 paid vacation days per year
  • 10 paid sick leave days per year
  • Public holidays as per the company’s approved Public holiday list
  • Medical budget
  • Opportunity to work remotely
  • Professional education budget
  • Language learning budget
  • Wellness budget (gym membership, sports gear and related expenses)

Originally posted on Himalayas

Disclaimer: Yukerja.com adalah agregator lowongan kerja, bukan pemberi kerja. Lowongan ini diagregasi dari Himalayas. Proses lamaran dilakukan di situs resmi perusahaan atau portal sumber. Kami tidak bertanggung jawab atas keakuratan informasi lowongan.

Tips Melamar DevSecOps & Application Security Lead

  1. Baca deskripsi lengkap dan pastikan skill Anda match sebelum melamar ke JustMarkets.
  2. Sesuaikan CV dan cover letter dengan kata kunci dari job description — terutama untuk kategori Teknologi & IT.
  3. Klik Lamar Sekarang untuk diarahkan ke Himalayas. Proses rekrutmen sepenuhnya di situs sumber.
  4. Siapkan portfolio atau LinkedIn yang update jika diminta di tahap screening.
  5. Waspadai permintaan transfer uang — lowongan resmi tidak memungut biaya.

Artikel terkait: CV ATS · Blog Karir & Tips