Auticon
DevSecOps Engineer
Job description
DevSecOps Engineer – Join Our Inclusive Team at auticon
Location: Poland, Kraków (Hybrid - 6 days/month in the office)
Full-Time Position
Salary: 130 - 160 PLN/h + VAT (B2B)
About the Role
We are looking for an experienced DevSecOps Engineer to join our team and take ownership of our Jenkins Shared Library, which powers CI/CD pipelines across multiple technology stacks, including Java/Maven, Node.js/NPM, Python, Helm, Terraform, and containerized applications.
In this role, you will be responsible for building and improving secure, high-performing CI/CD pipelines while strengthening software supply chain security. You will play a key role in implementing SLSA, generating SBOMs, ensuring artifact integrity, and automating security controls across engineering teams.
Responsibilities
- Design, develop, and maintain Jenkins Shared Library components written in Groovy to support build, test, packaging, security scanning, and deployment processes.
- Extend and enhance Python-based tooling for SLSA provenance generation, SBOM creation, accurate hash and digest calculation, and aggregation of security scan results from tools such as SonarQube, Sonatype IQ, SAST, and container image scanners.
- Continuously optimize pipeline performance through parallel execution, caching strategies, dependency prefetching, and reducing the scope of generated BOMs.
- Ensure artifact integrity by implementing correct SHA1/SHA256 mapping, reproducible build inputs, and evidence modeling.
- Refactor and modernize legacy scripts by removing global state, consolidating hashing mechanisms, and standardizing reusable templates.
- Create and maintain documentation for ci-config.yaml standards, best practices, and usage guidelines.
- Mentor engineering teams on secure CI/CD development and software supply chain security best practices.
- Investigate, troubleshoot, and proactively prevent CI/CD pipeline issues and incidents.
Requirements
- 7+ years of experience in software engineering.
- At least 3 years of experience working with CI/CD platforms or in a DevSecOps role.
- Strong hands-on experience with Jenkins and developing Jenkins Shared Libraries using Groovy .
- Advanced Python programming skills, particularly in automation, scripting, and JSON/YAML processing.
- Deep understanding of packaging and dependency management for Maven , NPM , and Python , with practical exposure to Helm , Terraform , and container image metadata.
- Solid knowledge of software supply chain security concepts, including SLSA , CycloneDX SBOM , and artifact digests.
- Experience with security tools such as SonarQube , Sonatype IQ , SAST solutions, and container image scanning.
- Proven experience optimizing CI/CD pipelines through caching, parallelization, dependency pruning, and other performance improvements.
- Good understanding of compliance requirements and secure software delivery practices.
Nice to Have
- Experience with artifact signing and attestations using tools such as Cosign and OCI .
- Knowledge of Terraform module publishing and Helm chart publishing workflows.
- Experience with GitOps methodologies or release automation.
- Hands-on experience with AWS and/or GCP cloud environments.
Soft Skills
- Excellent written and verbal communication skills.
- Strong attention to technical documentation and documentation standards.
- Ownership mindset with the ability to work independently and take responsibility for delivered solutions.
- Strong problem-solving skills and a proactive approach to identifying and resolving issues.
Why Join auticon
- Inclusive Workplace: We are a neurodivergent-friendly organization, where the majority of our consultants are on the autism spectrum.
- Supportive Environment: Receive tailored support and understanding throughout your career with us. We provide accommodations that allow you to work in an environment where you can thrive.
- No Stressful Interviews: Most of our recruitment processes are designed to be straightforward and transparent, ensuring that you can focus on showcasing your skills, not dealing with unnecessary stress. However some of our processes on the client side require you to take part in the technical assessment, organized by an external provider, which we have a limited influence on. We will however do our best to inform you about it in advance, providing all available information.
- Autism-Friendly Workplaces: We ensure that our workspaces, culture, and policies are designed to suit the needs of individuals on the autism spectrum, with flexibility, understanding, and open communication.


