We’re looking for a Lead DevSecOps Engineer / Security Manager to help shape and lead cybersecurity practices for a platform operating in the hospitality, travel, ticketing, and live events space. This role combines hands-on application security expertise with security leadership responsibilities. You’ll work closely with engineering teams to strengthen secure software delivery, improve security processes, manage risk, and support compliance requirements in a business where security, reliability, and customer trust are critical.

Required for this role

* 8+ years of experience in Application Security, Product Security, or DevSecOps, working directly with engineering teams
* Strong hands-on experience with SAST, SCA, code scanning, GitHub, GitHub Advanced Security, SonarQube, Dependabot, and CI/CD security integration
* Ability to review code, assess security findings, distinguish real risk from noise, and drive practical remediation efforts
* Experience implementing and improving SSDLC and shift-left security practices, including threat modeling, security design reviews, and vulnerability management
* Strong understanding of application and API security concepts, including authentication, authorization, secrets management, dependency risks, injection vulnerabilities, and data protection
* Experience working with cloud-native software delivery using containers, Infrastructure as Code, Git-based workflows, automation, and technical documentation
* Proven experience leading security initiatives, establishing controls, and driving security improvements across engineering organizations
* Experience developing security policies, standards, and governance processes aligned with business and risk objectives
* Strong knowledge of compliance and security frameworks, particularly PCI, SOX, and security governance approaches influenced by ISO and ITIL
* Ability to prioritize security work, manage competing demands, and communicate effectively with technical and business stakeholders

Nice to have

* Experience with IaC scanning, container and image security, software supply chain security, and advanced secrets management practices
* Experience securing workloads and services in AWS
* Background working in regulated, audit-sensitive, or event-critical environments

Your responsibilities

* Lead and support a team of security professionals, helping define priorities, objectives, and execution plans
* Build, improve, and maintain security systems, processes, and controls across the organization
* Drive the implementation of technical, process, people, and audit controls to reduce enterprise risk
* Develop, maintain, and evolve the organization’s cybersecurity strategy
* Oversee security policies, standards, and guidelines and ensure their effective adoption
* Support compliance efforts related to PCI, SOX, and broader security governance requirements
* Continuously evaluate emerging threats, security trends, and technologies and apply them to improve security effectiveness
* Guide the development and maintenance of incident response and disaster recovery capabilities
* Partner with engineering teams to strengthen secure software delivery practices and improve application security posture

What you get

Your time off

* Paid vacation and sick leave according to your location
* Local public holidays

Learning & growth

* Sombra University workshops and internal learning programs
* Tech Communities and knowledge sharing sessions
* Language courses and workshops
* Mentorship opportunities

And even more

* Company-provided work equipment
* Internal referral program
* Events and internal initiatives

Before you apply

Our recruitment team will carefully review your profile, and if we see a good match with the role, we’ll reach out to you shortly.
If you don’t hear from us within 5 business days, it means we’ve decided to continue the process with other candidates for this position. Thanks for understanding.