DevSecOps
Growe is seeking a DevSecOps professional to build and own the DevSecOps function from the ground up within the security team. This role involves defining the security strategy, roadmap, priorities, and success metrics.
The successful candidate will assess the current security posture of applications, infrastructure, cloud environments, and development processes. They will design and implement security controls across the software development lifecycle and establish secure CI/CD practices, including security gates and automated validation processes.
The role focuses on integrating security checks into engineering workflows with a strong emphasis on automation and developer experience. It also involves building and operating vulnerability management processes, defining cloud security standards across AWS, Azure, or GCP environments, and enforcing Kubernetes and container security controls.
Additionally, the DevSecOps professional will develop Infrastructure-as-Code security standards, integrate security logs into SIEM for monitoring and incident response, and create security standards and operational procedures for Engineering and Platform teams. Support for security incident investigations is also a key part of the role.
- Build and own the DevSecOps function from the ground up, defining strategy, roadmap, priorities, and success metrics.
- Assess the current security posture of applications, infrastructure, cloud environments, and development processes.
- Design and implement security controls across the software development lifecycle.
- Establish and maintain secure CI/CD practices, including security gates and automated validation processes.
- Integrate security checks into engineering workflows with a strong focus on automation and developer experience.
- Build and operate vulnerability management processes, including triage, prioritisation, remediation tracking, and reporting.
- Define and implement cloud security standards, guardrails, and best practices across AWS, Azure, or GCP environments.
- Design and enforce Kubernetes and container security controls, including RBAC, secrets management, network segmentation, and runtime protection.
- Develop Infrastructure-as-Code security standards and policy-as-code controls.
- Integrate security logs and events into SIEM to support monitoring, threat detection, and incident response.
- Create security standards, technical guidelines, and operational procedures for Engineering and Platform teams.
- Support security incident investigations related to cloud, infrastructure, CI/CD, application vulnerabilities, exposed credentials, and supply-chain threats.
- 2+ years of hands-on experience in DevSecOps, Cloud Security, or Security Engineering (required).
- Experience leading security initiatives, projects, or programs with significant ownership and autonomy (required).
- Proven experience building security processes, tooling, or security programs from scratch (required).
- Hands-on experience integrating security controls into CI/CD pipelines without negatively impacting engineering productivity (required).
- Experience with containerised environments and Kubernetes security (required).
- Experience working with cloud platforms such as AWS (required).
- Practical experience with Infrastructure as Code tools such as Terraform, Helm, or Ansible (required).
- Experience integrating security logs and events with SIEM platforms and supporting detection, monitoring, and incident response use cases (required).
- Ability to balance security requirements with business objectives and engineering velocity (required).
- Experience with Python (nice-to-have).
- English - Intermediate+ or higher (required).
- Good communication skills (required).
- Multitasking and quick task execution (required).
- Responsibility and attention to detail (required).
- Health & Wellness Focus
- Global Medical Coverage
- Growth Opportunities
- Benefits Programs (compensation for the gym, stomatology, psychological service, etc.)
- Performance-Driven Rewards
- Dynamic Work Environment
Growe is a business advisory and services group operating in the iGaming and entertainment industries. Headquartered in Warsaw, it combines strategic vision with hands-on expertise to help businesses navigate the sector, enter new markets and achieve sustainable growth. Its capabilities span business and brand strategy, market research, marketing solutions, IT customisation, organisational structuring and talent management. The company focuses on launching new iGaming brands worldwide and turning challenges into competitive advantages for its clients.
