Bucharest, Bucharest, Romania | Hybrid | Full-time

Onapsis is hiring a DevOps Engineer (security)

Responsibilities

  • Work closely with leadership, product management, and our Engineering and Operations teams to design and implement security-focused capabilities across the SDLC using Shift-Left-On-Security principles.
  • Partner with InfoSec, Technical Operations, and Platform Engineering teams to ensure CI/CD frameworks, infrastructure, and automation tooling are secure by design, resilient, and capable of protecting our customers at scale.
  • Security Automation & CI/CD: Embed, maintain, and optimize automated security testing (SAST, DAST, SCA) directly into GitLab CI/CD pipelines.
  • Vulnerability & Patch Management: Perform platform security assessments, verify reported exploits, and support vulnerability remediation activities.
  • Security Compliance: Participate in security audits, provide actionable feedback, and coordinate with engineering teams to meet compliance timelines and regulatory standards.
  • Penetration Testing Enablement: Provision and configure isolated test environments, deploy target application builds, and coordinate secure access requirements for penetration testing activities.
  • Security Operations & Incident Response: Collaborate with cross-functional teams to evaluate security releases, generate compliance reports, and support security monitoring/observability using Grafana, New Relic, or OpenTelemetry.
  • Security Advocacy: Conduct internal software security training and advocate for secure coding standards and DevSecOps best practices across engineering teams.
  • Threat Modeling & Risk Mitigation: Conduct threat modeling exercises for new features and infrastructure changes to identify vulnerabilities before code hits production.

Requirements

  • Hands-on experience implementing Shift-Left-On-Security frameworks within the SDLC.
  • Practical knowledge of application security testing methodologies, specifically SAST, DAST, SCA, and OSS management.
  • Experience conducting Threat Modeling exercises and performing secure code reviews.
  • Awareness of penetration testing (blackbox, whitebox) methods.
  • Proven experience in DevOps practices utilizing Cloud Technologies (AWS preferred, Azure, GCP).
  • Good understanding of the Software Development Lifecycle (SDLC), its phases, and how to embed security in each of them.
  • Experience in Version Control tools and CI/CD (Git/GitLab), including branching and pipeline development.
  • Knowledge of containerization and orchestration using Docker and Kubernetes.
  • Linux system administration skills, including networking, access management, and basic troubleshooting skills.
  • Expertise in a scripting language (e.g., Python, Bash).
  • Demonstrated effective communication and collaboration across Engineering, Security, SRE, and cross-functional teams to support delivery and operational objectives.
  • Experience managing priorities, handling operational pressure, and escalating risks or blockers when needed. Identifies and supports continuous improvement initiatives.
  • Demonstrated analytical thinking and problem-solving skills to troubleshoot operational, infrastructure, and security-related issues in a structured manner.
  • Strong attention to detail and a security-first mindset when working with CI/CD pipelines, infrastructure, automation, and cloud environments.
  • Continuous learning mindset with willingness to share knowledge, contribute to documentation, and support team growth.

Nice to Have

  • Knowledge of compliance and auditing standards (ISO 27001/27002, NIST 800-53, PCI DSS, CIS Controls) or active SecOps experience.
  • Exposure to Infrastructure as Code (IaC), specifically Terraform.

Benefits

  • A role in shaping the future of protecting the most critical applications that run the world's business and a career that grows as the company grows.
  • A unique culture of high achievement and teamwork.
  • Supportive and humble colleagues who are the space's top problem solvers and innovators.
  • Financial security through competitive compensation and incentives.
Required Skills
CI/CD, Compliance
About company
Onapsis
Onapsis is a proven market leader that protects your business's most critical applications. Only Onapsis delivers the actionable intelligence, automated governance, continuous monitoring, and secure change capabilities required by cross-functional teams to optimize workflows and automate manual tasks so they can embrace and accelerate SAP and Oracle E-Business Suite (EBS) modernization, cloud, IoT, and mobility initiatives while keeping the most vital systems and data protected and compliant. Headquartered in Boston, with regional offices in Heidelberg, Germany; Buenos Aires, Argentina; Texas, USA; and now Bucharest, Romania, Onapsis proudly serves more than 300 leading brands and organizations, including many of the Global 2000.
Job Details
Category infrastructure
Posted 8 hours ago