Sigmaways IncThe Role : This is a hands-on technical role requiring deep expertise in CI/CD automation, containerization, infrastructure-as-code, and security tooling integration. You will be responsible for implementing build gates, automating security scans, developing custom integrations, and ensuring our GitLab-based pipelines provide consistent, measurable security controls across the entire CDP portfolio. Key Areas of Work Design, implement, and maintain security controls within GitLab CI/CD pipelines.
Develop pipeline automation scripts.
Develop and enforce container security policies.
Work with Security Champions to provide technical support and training on pipeline security features.
Develop reference architectures and example implementations for secure pipelines.
Support developers in understanding and resolving security findings.
Support pipeline assessment data collection through pipeline telemetry.
Coordinate with GRC teams on security control validation and evidence collection.
Mentor and guide team members in secure development practices.
Advocate for security throughout the SDLC.
Qualifications : Bachelor's degree in computer science, Information Technology, or related field (or equivalent experience).
5+ years of experience in DevOps, SRE, or Platform Engineering roles.
3+ years of hands-on experience with GitLab CI/CD (or similar platforms like Jenkins, GitHub Actions, Azure DevOps).
Strong expertise in CI/CD pipeline design, implementation, and optimization.
Proficiency in scripting and automation using Python, Bash, or similar languages.
Deep understanding of containerization technologies (Docker, Kubernetes, ECS).
Experience with Infrastructure-as-Code tools (Terraform preferred).
Practical knowledge of AWS cloud services.
Experience integrating security scanning tools into CI/CD pipelines.
Strong understanding of Git workflows, branching strategies, and merge request processes.
Experience with configuration management and pipeline-as-code practices.
Working knowledge of application security concepts and vulnerability types (OWASP Top 10)
Familiarity with security scanning tools such as:
SAST tools (Semgrep, SonarQube, Checkmarx, or similar)
SCA tools (Sonatype, Snyk, Black Duck, or similar)
Container scanning tools (Trivy, Prisma, Aqua, or similar)
DAST tools (OWASP ZAP, Burp Suite, or similar)
AWS Certified DevOps Engineer or Solutions Architect
Security Certifications from GIAC or other
¿Te interesa este puesto?