DevOps Engineer (security)

About the job

The world’s most critical--and at-risk--business applications have been neglected for far too long. Onapsis eliminates this blind spot by providing cybersecurity solutions dedicated to business-critical applications. Onapsis helps nearly 30% of the Forbes Global 100 understand the threats and risks across their SAP and Oracle landscapes, whether running on-premises, in the cloud, or in a hybrid environment. 

We are looking for self-motivated and enthusiastic DevSecOps Engineer who want to impact cybersecurity by continuing to advance, maintain, and enhance our platform features in Threat Detection & Response, Vulnerability Management, and Compliance Automation. 

What you will be doing, your legacy: 

Working closely with leadership, product management, and our Engineering and Operations teams to design and implement security-focused capabilities across the SDLC using Shift-Left-On-Security principles. This role partners with InfoSec, Technical Operations, and Platform Engineering teams to ensure CI/CD frameworks, infrastructure, and automation tooling are secure by design, resilient, and capable of protecting our customers at scale. 

Key Responsibilities:

• Security Automation & CI/CD: Embed, maintain, and optimize automated security testing (SAST, DAST, SCA) directly into GitLab CI/CD pipelines.
• Vulnerability & Patch Management: Perform platform security assessments, verify reported exploits, and support vulnerability remediation activities.
• Security Compliance: Participate in security audits, provide actionable feedback, and coordinate with engineering teams to meet compliance timelines and regulatory standards. 
• Penetration Testing Enablement: Provision and configure isolated test environments, deploy target application builds, and coordinate secure access requirements for penetration testing activities.
• Security Operations & Incident Response: Collaborate with cross-functional teams to evaluate security releases, generate compliance reports, and support security monitoring/observability using Grafana, New Relic, or OpenTelemetry.
• Security Advocacy: Conduct internal software security training and advocate for secure coding standards and DevSecOps best practices across engineering teams.
• Threat Modeling & Risk Mitigation: Conduct threat modeling exercises for new features and infrastructure changes to identify vulnerabilities before code hits production.

Requirements:

Cybersecurity Expertise (2+ Years)

• Hands-on experience implementing Shift-Left-On-Security frameworks within the SDLC.
• Practical knowledge of application security testing methodologies, specifically SAST, DAST, SCA, and OSS management.
• Experience conducting Threat Modeling exercises and performing secure code reviews.
• Awareness of penetration testing (blackbox, whitebox) methods
• Plus: Knowledge of compliance and auditing standards (ISO 27001/27002, NIST 800-53, PCI DSS, CIS Controls) or active SecOps experience.

DevOps & Cloud Infrastructure (1+ Years)

• Proven experience in DevOps practices utilizing Cloud Technologies (AWS preferred, Azure, GCP)
• Good understanding of the Software Development Lifecycle (SDLC), its phases and how to embed Security in each of them
• Experience in Version Control tools and CI/CD (Git/GitLab), including branching, and pipeline development.
• Knowledge of containerization and orchestration using Docker and Kubernetes.
• Linux system administration skills, including networking, access management, and basic troubleshooting skills.
• Expertise in a scripting language (e.g., Python, Bash).
• Plus: Exposure toInfrastructure as Code (IaC), specifically Terraform.

Soft Skills

• Demonstrated effective communication and collaboration across Engineering, Security, SRE, and cross-functional teams to support delivery and operational objectives
• Experience managing priorities, handling operational pressure, and escalating risks or blockers when needed. Identifies and supports continuous improvement initiatives.
• Demonstrated analytical thinking and problem-solving skills to troubleshoot operational, infrastructure, and security-related issues in a structured manner
• Strong attention to detail and a security-first mindset when working with CICD pipelines, infrastructure, automation, and cloud environments
• Continuous learning mindset with willingness to share knowledge, contribute to documentation, and support team growth

What we offer: 

• A role in shaping the future of protecting the most critical applications that run the world's business and a career that grows as the company grows.
• A unique culture of high achievement and teamwork.
• Supportive and humble colleagues are the space's top problem solvers and innovators.
• Financial security through competitive compensation and incentives.

Employment:  Please note that this is a full-time employee role. No B2B or SRLs will be accommodated.

Location: Onapsis has established a new development center in Bucharest. This is a hybrid role (2 days per week from the office), so candidates must be commutable to Bucharest.

About Onapsis:

Onapsis protects the business applications that run the global economy. The Onapsis Platform delivers vulnerability management, change assurance, and continuous compliance for business applications from leading vendors such as SAP, Oracle, and others. The Onapsis Platform is powered by the Onapsis Research Labs, the team responsible for the discovery and mitigation of more than 1,000 zero-day vulnerabilities in business applications.

Onapsis is headquartered in Boston, MA, with offices in Dallas, TX, Heidelberg, Germany, Bucharest, Romania, and Buenos Aires, Argentina, and proudly serves hundreds of the world’s leading brands, including close to 30% of the Forbes Global 100, six of the top 10 automotive companies, five of the top 10 chemical companies, four of the top 10 technology companies, and three of the top 10 oil and gas companies.

Onapsis only invites candidates to apply directly through reputable job boards or the Onapsis careers page on our website. Job offers are extended only after a face-to-face video interview with an Onapsis HR representative. Please disregard any outreach from Onapsis via forums, social networks, or other platforms, as these are fraudulent.

For more information, connect with Onapsis on LinkedIn or visit https://www.onapsis.com.

#LI-AC1

#Hybrid