Job Summary: We are seeking a Senior DevSecOps Engineer to lead the security initiative, define the roadmap, and guide the team in adopting security-by-design practices—with a focus on cloud, CI/CD, Kubernetes, and compliance. Key Highlights: 1. Lead the DevSecOps initiative as a senior technical reference. 2. Integrate security into SDLC, CI/CD, and cloud to improve security posture. 3. Define and implement a compliance roadmap for ISO 27001/SOC 2 certifications. Description **Senior DevSecOps Engineer** **Location:** Zaragoza (preferred) \| **Work model:** Hybrid (approx. 60% office / 40% remote) **Position Context** Cinarra is in a phase of maturity and growth of its technology platform, with a strong DevOps team in Spain (primarily in Zaragoza) and a strategic initiative to elevate **security, compliance, and best practices** across the board. This position is the **first dedicated DevSecOps role** within the organization. The objective is not to fill a purely execution-oriented role, but to bring in a **senior technical reference** who will lead the DevSecOps initiative, define the roadmap, and guide the team in adopting security-by-design practices—with a clear focus on **cloud, CI/CD, Kubernetes, and compliance (ISO 27001 / SOC 2)**. The candidate will join the DevOps team and lead an **internal security squad**, currently composed of DevOps profiles assuming part of these responsibilities. **Job Mission** Lead the implementation of DevSecOps practices at Cinarra, integrating security across the entire software development lifecycle (SDLC), CI/CD pipelines, and cloud infrastructure—aiming to: * Progressively improve the platform’s security posture. * Define and implement a compliance roadmap. * Prepare the company for achieving certifications such as **ISO 27001 and/or SOC 2** within approximately one year. **Main Responsibilities** * Lead the DevSecOps initiative within the organization, acting as the **technical reference** and team guide. * Design, implement, and maintain **secure CI/CD pipelines** in AWS environments. * Integrate security practices into pipelines: + SAST, DAST, and dependency analysis (SCA). + Container image scanning. + Security checks in Infrastructure-as-Code. * Automate infrastructure provisioning using **Terraform and Ansible**, applying hardening and security standards. * Operate, secure, and scale **production Kubernetes clusters**. * Apply Kubernetes security best practices (RBAC, network policies, secret management, pod security). * Ensure AWS environments comply with best practices (IAM, VPC, encryption, logging). * Implement security observability and monitoring (Prometheus, Grafana, CloudWatch, security alerts). * Manage secrets and credentials (AWS Secrets Manager, Vault, SSM, or others). * Detect, analyze, and resolve production and security incidents. * Document architectures, security configurations, and operational procedures. * Define and execute a **compliance roadmap** aligned with ISO 27001 / SOC 2. * Collaborate with distributed international DevOps and development teams. **Required Profile** * Solid experience as a **DevOps / DevSecOps Engineer** (approx. 4–10 years). * Clear technical background in DevOps, with strong orientation toward **security**. * Demonstrable experience leading or driving DevSecOps initiatives. * In-depth knowledge of: + Linux + Kubernetes + Docker and containers + AWS (and hybrid environments) + CI/CD (GitHub Actions or others) + Terraform and Ansible * Good understanding of cloud and container security. * Ability to work cross-functionally and take ownership of projects. * Fluent English (spoken and written). **Highly Valued** * Experience in **ISO 27001 and/or SOC 2** certification processes. * Cloud security certifications (AWS, Kubernetes, etc.). * Experience with security tools: + Trivy, Snyk, Checkov, tfsec, SonarQube, OWASP ZAP, or similar. * Knowledge of GitOps (ArgoCD or others). * Familiarity with Kafka, PostgreSQL, ClickHouse. * Prior experience in SaaS environments and cloud-native platforms. 70.000€ \- 80.000€ Zaragoza Hybrid **Contact person:** jgomez@q\-techrec.com \+34 636 939 309