Cyber Security DevOps Manager

Cyber Security DevOps Manager Miejsce pracy: Warszawa Technologies we use Expected Azure Python Bash GitLab Azure DevOps GitHub About the project This position exists to ensure the consistent security of JTI's Digital Ecosystem (DES) and global applications, including e-commerce solutions. The role is responsible for defining and implementing technical security standards across these platforms, embedding secure DevOps practices into CI/CD environments (e.g., Azure DevOps, GitLab, GitHub), and protecting applications from internal and external threats while promoting shift-left security practices throughout the software development lifecycle. As part of the Cyber Security Centre, this role contributes to the delivery of high-quality, cost-effective security services across JTI's global infrastructure and application landscape—including security architecture, design, innovation, assurance, service delivery, and SOC operations. The position also drives the adoption of security tools and best practices, conducts threat assessments, and partners closely with engineering, product, and operations teams to ensure the secure design, development, and deployment of cloud-based and mobile solutions. It requires a strong foundation in cloud and container security, Secure SDLC, application security tooling (e.g., SAST, DAST, SCA), and secure coding principles, with a particular focus on Azure environments. Ultimately, this role is critical to maintaining a secure, compliant, and resilient digital environment aligned with corporate and industry security standards. Your responsibilities Security Integration in CI/CD: Responsible for integrating and maintaining security tools in the CI/CD pipeline to ensure secure development and deployment Assist in identifying, tracking, and prioritizing security vulnerabilities in the development environment Support the remediation of vulnerabilities, collaborating with development and operations teams to address security issues Security Tool Administration, Monitoring and Reporting: Assist in configuring, maintaining, and troubleshooting security tools used in the CI/CD pipeline, such as static and dynamic application security testing (SAST/DAST), and software composition analysis (SCA) Ensure that tools are functioning properly, with regular updates and maintenance to keep them current Monitor CI/CD environments for security threats, running regular security scans and audits Assist in generating reports on security findings, tracking resolution progress, and ensuring transparency in security posture Security Awareness & Training: Contribute to security awareness initiatives within development teams, promoting secure coding practices Educate teams on common vulnerabilities and industry best practices to enhance overall security knowledge Governance: Ensure adherence to security standards, frameworks (e.g. OWASP, NIST, ISO, PCI DSS), and JTI security policies Support the development of security policies, ensuring that security best practices are consistently followed across the team Our requirements Education: University degree in Computer Science, Computer Engineering, Information Systems, or related field or relevant experience Work experience: working experience on the following new technology trends: 5 years of solid knowledge in cloud and container security, including the specific characteristics of cloud-based security services and securing web/mobile applications 5 years of hands-on experience in operational Cybersecurity, DevOps, or DevSecOps, with strong knowledge of the Secure SDLC approach and the ability to articulate security goals, lifecycle stages, and related processes Experience implementing Secure SDLC and integrating security into CI/CD pipelines with a shift-left approach Proficient in Azure, Python, Bash, and using tools like SCA, SAST, DAST/IAST, and image scanning Knowledge of security standards (OWASP, NIST, ISO, PCI DSS) and experience with tools like Blackduck, Coverity on Polaris, Advanced Security, WIZ etc. Familiar with cloud-native security controls, secure coding practices, and threat modeling (e.g., OWASP Threat Dragon) Strong knowledge of network security, including common protocols and the OSI model. Hands-on experience with Infrastructure-as-Code (IaC) tools (e.g., Terraform), and CI/CD platforms such as GitLab, Azure DevOps, and GitHub, including integrating security tools into pipelines. Good understanding of containerization and Kubernetes, especially from a security perspective. Language: English professional working proficiency (spoken and written) What we offer Competitive pay and attractive annual bonus On-going development opportunities in multinational environment, wide variety of projects, ambitious goals and independence in achieving them. Promoting from within culture Freedom with responsibility (we trust your competencies, ability to manage your time and your scope of work) Lot of flexibility in terms of work arrangements (work from office or from home) Private medical care (various options to choose) and life insurance Employee pension and savings programs JTI Family Leave Benefit – including extended paid paternity leave and fully paid maternity leave Multisport card, foreign languages classes Wide variety of trainings, webinars and professional courses on our e-learning platforms, including sponsored certification programs (for employees fulfilling the admission criteria) Modern office with traditions (Art Norblin Factory) in convenient location, equipped with a library, mindfulness zone, spacious kitchen, garden terrace, massage chairs and underground bicycle parking Working in a diverse and inclusive organization of over 40 different nationalities Benefits sharing the costs of sports activities private medical care sharing the costs of foreign language classes life insurance remote work opportunities flexible working time retirement pension plan no dress code coffee / tea leisure zone JTI Family Leave Benefit - additional paternity leave Anniversary awards JTI Benefit Platform JTI GBS POLAND Sp. z o.o. JTI Poland is part of Japan Tobacco International, a leading international tobacco company. We operate in 130 countries, employ over 45,000 people worldwide and our product portfolio includes world-renowned brands such as Camel, LD, Winston and Logic, available on the Polish market. In Poland, we employ over 2,300 employees and we are the 3rd player in the tobacco industry. Since the beginning of JTI's operations in Poland in 2007, we have been the fastest growing tobacco company: our market share has more than quadrupled and our production volume has grown more than 10 times. But our business, isn't just business. Our business is our people. Their talent. Their potential. We believe when they're free to be themselves, grow, travel and develop, amazing things can happen for our business. That's why since 11 years JTI is one of the Top Employers in Poland, in 2020 being ranked number one for the second year in a row. If you decide to participate in this recruitment, the administrator of your data will be JTI GBS Poland sp. z o.o. with headquarters in Warsaw. Your data will be processed only to support the recruitment process in which you participate. Detailed information on the processing of your data:Detailed information on the processing of your personal data:1. Who is the controller of your personal data?Name and registered office: JTI GBS Poland sp. z o.o., ul. Żelazna 51/53, 00-841 WarsawContact mailbox regarding data processing: wawgdprgbs@jti.comData Protection Officer: The data controller has appointed a Data Protection Officer who can be contacted directly at the following address: wawgdprgbs@jti.com. The Data Protection Officer can be contacted in all matters related to the processing of personal data and the exercise of rights related to the processing of such data.2. For what purposes is your personal data processed?Your personal data will be processed for the purpose of enabling you to take part in the recruitment process for the position in JTI GBS to which your application relates. If you have provided your consent to participate in the recruitment processes conducted by JTI GBS in the future, your data will also be processed for this purpose. If your application is considered under the employee referral program, your data will also be processed to accomplish the objectives of the program. In specific situations, JTI GBS may also process your personal data to the extent necessary to establish, assert or defend against claims. Detailed information on the basis of data processing is provided in the table.3. What is the data retention period?The data provided in order to take part in a specific recruitment project will be retained for the period until the end of the recruitment process, up to a maximum of 3 months from the selection of the employee in case no contract has been concluded. If you have given your consent to the processing of your personal data for future recruitments, then your data will be processed until your consent is withdrawn, but for no longer than for 12 months. In case of processing your application under the employee referral program, your personal data will be processed until the objectives of the program have been met. The duration of the processing of your personal data may be extended each time by the period of the statute of limitations for claims, if the processing is necessary to establish, assert or defend against claims.4. Who will be the recipients of your personal data?The data may be transferred to entities processing personal data on behalf of the controller, e.g. IT service providers, entities operating the database, entities handling application requests – however, these entities process data on the basis of an agreement with the controller and only in accordance with the controller's instructions and within the scope of the granted consent. Personal data may also be transferred to other JTI Group companies in connection with intra-group purposes.5. Will your personal data be subject to profiling?During the recruitment process, you may be asked to complete tests (e.g. analytical test, behavioural test, cognitive test) or to participate in an Assessment Center session. In the case of behavioural test, you will be subject to profiling. The system will evaluate the answers you give in the survey and create a profile of your behaviour and preferred working conditions based on these answers. The test is only a support material for the recruiter conducting your recruitment process and no automated decisions are made based thereon.6. What are your rights in relation to the processing of your personal data?You have the right to withdraw your consent for processing of data at any time. The withdrawal of consent shall not affect the lawfulness of processing carried out on the basis of consent prior to its withdrawal. You have the right to obtain information about the processing of your personal data concerned in accordance with Art. 15 of the GDPR, including to obtain copies of your personal data. In addition, you may request the rectification of inaccurate personal data, as well as the completion of incomplete personal data. You may also request restriction of the processing in the cases referred to in Art. 18 of the GDPR, as well as the data portability. You have the right to object to the processing of your personal data. You have also the right to erasure your personal data. . When profiling is used (it may take place when using behavioural tests in the recruitment process), you have the right to object to the profiling of your personal data. In order to exercise the above rights, please contact the data controller, e.g. by sending an appropriate request via e-mail. You also have the right to lodge a complaint with the supervisory authority (Poland: President of the Personal Data Protection Office).7. Is personal data transferred outside the European Economic Area?Your personal data may be entrusted for processing to JT International S.A. with its registered office in Switzerland, i.e. outside the European Economic Area (EEA). The European Commission has stated that this country offers an adequate level of personal data protection (Commission Decision of 26 July 2000). The recipient has implemented adequate and appropriate safeguards for your personal data. You have the right to receive a copy of the transferred personal data. Your personal data may also be transferred to other JTI Group companies that are based outside the EEA. Whenever the country to which the transfer of personal data will take place does not provide an adequate level of protection for personal data, JTI GBS will ensure the protection of your personal data in accordance with applicable legislation.8. Is provision of the personal data mandatory?Responding to the Company's advertisement and providing your data is voluntary. However providing the mandatory data is necessary for your application to be considered during the recruitment process. Failure to provide this data will prevent your application from being considered. The provision of other data is voluntary and constitutes the candidate's consent to their processing in the recruitment process. If you raise an objection to the processing of your personal data during the recruitment process, further participation will not be possible.