DevSecOps Engineer (Jenkins, Python)

Skills:

• 7+ years engineering; 3+ in CI/CD platform or DevSecOps
• Strong Jenkins + Groovy shared library expertise
• Advanced Python automation (JSON/YAML processing, tooling scripts)
• Deep Maven/NPM/Python packaging knowledge; exposure to Helm/Terraform and container image metadata
• Supply-chain security (SLSA, CycloneDX SBOM, digests)
• Experience with SonarQube, Sonatype IQ, container and SAST scanning
• Proven performance tuning (caching, parallelization, dependency pruning)
• Compliance Awareness

Nice to have:

• Artifact signing / attestations (cosign, OCI)
• GitOps or release automation experience
• GCP/AWS cloud experience

What's in it for you?

• Prestigious position at one of the world's largest banks
• B2B contract
• Hybrid work (6 days per month from the office in Cracow) and flexible working hours
• Working with cutting-edge IT technologies
• Personal growth and development opportunities
• Private healthcare coverage and multisport card
• Referral program and company events

Recruitment process: two meetings with hiring managers, followed by a phone screening with our recruiter

Hybrid work: 6 days per month from the office in Cracow

Do you want to work for one of the world’s largest global banks? Want to be part its exciting digital transformation? Do you want to engineer incredible products for millions of customers?

Well, our Client offers just that ☺︎

Overview:

Own and evolve our Jenkins Shared Library powering multi-language builds (Java/Maven, Node/NPM, Python, Helm, Terraform, containers). Deliver fast, secure, provenance-rich pipelines (SLSA, SBOM, digests) and strengthen supply-chain integrity across teams.

What you will do:

• Design and maintain Groovy pipeline steps (build, test, package, scan, deploy)
• Extend Python tooling for SLSA provenance, SBOM generation, hash/digest accuracy, and security scan aggregation (SonarQube, Sonatype IQ, SAST/Container)
• Optimize performance (parallel builds, caching, scope-reduced BOMs, dependency prefetch)
• Ensure artifact integrity (correct SHA1/SHA256 mapping, reproducible inputs, evidence modeling)
• Refactor legacy scripts (remove global state, consolidate hashing, standardize templates)
• Document ci-config.yaml standards and usage patterns
• Mentor engineers on secure pipeline development and supply-chain practices
• Troubleshoot and prevent pipeline incidents