




Job Summary: We are seeking a Senior DevSecOps Engineer to lead the security, compliance, and best practices initiative by embedding security across the entire software development lifecycle at Cinarra.

Key Highlights:

1. Lead the DevSecOps initiative as a senior technical reference.
2. Integrate security into SDLC, CI/CD, and cloud environments, with a focus on Kubernetes and compliance.
3. Define the compliance roadmap and prepare for ISO 27001 / SOC 2 certifications.

Description

**Senior DevSecOps Engineer**

**Location:** Zaragoza (preferred) | **Work model:** Hybrid (approx. 60% office / 40% remote)

**Position Context**

Cinarra is in a phase of technological platform maturity and growth, supported by a strong DevOps team in Spain (primarily based in Zaragoza) and a strategic initiative to elevate **security, compliance, and best practices** organization-wide.

This position is the **first dedicated DevSecOps role** within the organization. The objective is not to fill a purely execution-oriented role, but to bring in a **senior technical reference** who will lead the DevSecOps initiative, define the roadmap, and guide the team in adopting security-by-design practices—with a clear focus on **cloud, CI/CD, Kubernetes, and compliance (ISO 27001 / SOC 2)**.

The candidate will join the DevOps team and lead an **internal security squad**, currently composed of DevOps professionals who already assume part of these responsibilities.

**Job Mission**

Lead the implementation of DevSecOps practices at Cinarra, integrating security across the software development lifecycle (SDLC), CI/CD pipelines, and cloud infrastructure, with the following objectives:

* Progressively improve the platform’s security posture.
* Define and implement a compliance roadmap.
* Prepare the company for achieving certifications such as **ISO 27001 and/or SOC 2** within approximately one year.

**Key Responsibilities**

* Lead the DevSecOps initiative within the organization, acting as the **technical reference** and team guide.
* Design, implement, and maintain **secure CI/CD pipelines** in AWS environments.
* Integrate security practices into pipelines:
  + SAST, DAST, and dependency analysis (SCA).
  + Container image scanning.
  + Security checks in Infrastructure-as-Code.
* Automate infrastructure provisioning using **Terraform and Ansible**, applying hardening and security standards.
* Operate, secure, and scale **production Kubernetes clusters**.
* Apply Kubernetes security best practices (RBAC, network policies, secret management, pod security).
* Ensure AWS environments comply with best practices (IAM, VPC, encryption, logging).
* Implement security observability and monitoring (Prometheus, Grafana, CloudWatch, security alerts).
* Manage secrets and credentials (AWS Secrets Manager, Vault, SSM, or others).
* Detect, analyze, and resolve production and security incidents.
* Document architectures, security configurations, and operational procedures.
* Define and execute a **compliance roadmap** aligned with ISO 27001 / SOC 2.
* Collaborate with internationally distributed DevOps and development teams.

**Required Profile**

* Solid experience as a **DevOps / DevSecOps Engineer** (approx. 4–10 years).
* Clear technical background in DevOps, with a strong orientation toward **security**.
* Demonstrable experience leading or driving DevSecOps initiatives.
* In-depth knowledge of:
  + Linux
  + Kubernetes
  + Docker and containers
  + AWS (and hybrid environments)
  + CI/CD (GitHub Actions or others)
  + Terraform and Ansible
* Strong understanding of cloud and container security.
* Ability to work cross-functionally and take ownership of projects.
* Fluent English (spoken and written).

**Highly Desirable**

* Experience with **ISO 27001 and/or SOC 2** certification processes.
* Cloud security certifications (AWS, Kubernetes, etc.).
* Experience with security tools:
  + Trivy, Snyk, Checkov, tfsec, SonarQube, OWASP ZAP, or similar.
* Knowledge of GitOps (ArgoCD or others).
* Familiarity with Kafka, PostgreSQL, ClickHouse.
* Prior experience in SaaS environments and cloud-native platforms.

70.000€ - 80.000€

Zaragoza

Hybrid

**Contact Person:** jgomez@q-techrec.com +34 636 939 309


