Description:
We are looking for a Senior DevSecOps | AppSec Manager to join our team. This is a hands-on role for someone who knows how to work closely with engineering teams, embed security into the development lifecycle, and turn real vulnerabilities into practical fixes — not just reports. If you enjoy being in the middle of the action, collaborating with developers daily, and building a security culture from the inside out, we’d love to hear from you.
The Project
You will work embedded within delivery teams across multiple products, partnering with squad tech leads and vertical leads to integrate security practices into CI/CD pipelines, review cloud and application configurations, and drive a shift-left security mindset across the organization. The environment is cloud-native, GitHub-based, and AWS-powered — fast-moving and engineering-driven.
Tech requirements:
* 5+ years of hands-on Application Security / Product Security / DevSecOps experience working directly with engineering teams.
* Strong AppSec tooling experience: SAST, SCA, code scanning, GitHub / GitHub Advanced Security / SonarQube / Dependabot, and CI/CD integration.
* Ability to read code, assess real risk, and drive practical remediation (not just flag issues).
* SSDLC / shift-left skills: threat modeling, security design reviews, vulnerability management.
* Strong application and API security fundamentals: authN/authZ, secrets management, dependencies, injection, data protection.
* Experience with cloud-native delivery: containers, IaC, Git-based workflows, automation, and clear documentation.
* English — Upper-Intermediate (B2) or higher. Ukrainian — fluent.
Nice to have:
* IaC scanning, container/image security, software supply chain, and secrets management experience.
* AWS cloud security experience.
* Experience in regulated, audit-sensitive, or event-critical environments.
What you will do:
* Work directly with development teams to incorporate security scans into their CI/CD pipelines.
* Identify and assess vulnerabilities in the software supply chain, advising on risk priority and remediation.
* Review GitHub and AWS configurations in the context of application development and deployed environments.
* Conduct security design reviews and contribute to threat modeling sessions.
* Update and maintain vulnerability reporting, collaborating with squad tech leads and vertical leads to review and address findings.
* Champion shift-left security practices and help build a strong security culture across engineering teams.
Why join Empeek?
* Challenging & meaningful products — complex architectures, modern technologies, and solutions that truly make an impact.
* Professional growth — personal development plan, mentorship, career maps, and opportunities to grow into new roles and responsibilities.
* Strong team culture — we share the same mission, values, and passion for what we do.
* Flexibility & ownership — freedom to choose your format and schedule, focus on results, and have a real impact on the company’s success.
What we offer
* Access to learning opportunities — internal and external training, certification reimbursement.
* 18 paid vacation days, 10 public holidays compensated, and up to 10 paid sick days.
* Partial compensation for English classes + free speaking club.
* Up to $180/year for sports activities.
* Mentorship and knowledge sharing — people you can really learn from.
* Career maps and growth plans to support your professional development.
* New equipment provision, and accounting support if needed.
* Competitive market-level salary with regular reviews.
* Additional perks and compensations such as insurance fund, gifts etc.
* Psychological safety and supportive culture.
* Company values that align with yours.
* Social responsibility — support the Armed Forces
If you believe this role could be a great match for you, please send us your resume via the link — we’ll be happy to get in touch with you.