Senior DevSecOps Engineer

About the Role

We are looking for a Senior DevSecOps Engineer to integrate and operate security controls across our SDLC. As part of the Application Security team, you will embed SAST and SCA tooling in CI/CD pipelines, build dedicated security pipelines, and configure repository policies and curation to reduce supply-chain risk. You will partner with different stakeholders to triage findings, guide remediation, and make secure-by-default practices the path of least resistance.

What You’ll Do

• Integrate and manage security tooling in CI/CD: SAST, SCA, secrets scanning, and container image scanning. Design and maintain automated workflows and gates across pull requests, merges, and releases
• Build and optimize security pipelines and reusable templates in Azure DevOps, Jenkins, GitLab CI/CD, and TeamCity. Implement risk-based thresholds aligned with product teams and tune for signal over noise
• Collaborate with Application Security and Development to triage findings, provide actionable fix guidance, track remediation, and prevent recurrence through guardrails and standards
• Configure and maintain repository policies and curation in package repositories for NuGet, npm, and similar
• Monitor and analyze scanning results across environments. Create concise dashboards and metrics to show coverage, trends, and risk reduction, and refine rules to reduce false positives
• Enhance CI/CD pipelines with secure-by-default configurations. Improve developer experience through documentation, reusable patterns and enablement sessions
• Support audit preparation, evidence collection, and compliance activities tied to the software delivery process

What You’ll Bring

• Experience in DevOps, SRE, or Infrastructure Engineering with hands-on CI/CD integration
• Strong understanding of SSDLC and DevSecOps, including risk-based gates and remediation workflows
• Hands-on experience with CI/CD platforms (Azure DevOps, Jenkins, GitLab CI/CD, TeamCity) and pipeline-as-code (YAML)
• Experience integrating and tuning security tools (SAST, SCA); familiarity with secrets and container image scanning
• Knowledge of artifact repositories, dependency management, and vulnerability/license scanning with policy configuration
• Solid Linux and Windows skills: CLI usage, log analysis, basic networking, and build/container troubleshooting
• Experience with automation and configuration management (Ansible, Helm) and containers/orchestration (Docker, Kubernetes)
• Exposure to Infrastructure as Code (Terraform, CloudFormation, Bicep) and embedding security checks in IaC pipelines
• Basic understanding of application and network security concepts in automated pipelines
• Familiarity with monitoring/observability tools for troubleshooting CI/CD and security jobs

Bonus Skills

• Scripting in Python, PowerShell, or Bash
• Familiarity with compliance frameworks; SBOM experience 

What You’ll Get:

• 25 vacation days, 4 sick days, 21 paid medical leave days, plus 4 extra global VeeaMe Days for self-care and 24 paid volunteer hours annually through Veeam Cares
• Premium private medical insurance for employees and dependents
• Daily meal vouchers for restaurants and groceries (180 CZK per working day)
• Flexible cafeteria platform with thousands of lifestyle benefit options
• Multisport Card for gym and wellness, with family add-on options
• Annual public transport reimbursement up to a set limit
• Corporate mobile plan with optional family tariff
• Opportunities to learn and grow through on-demand libraries (LinkedIn Learning, O’Reilly), mentoring, workshops and learning events like our annual Global Day of Learning

Please note: If the applicant is permanently present outside of the Czech Republic, Veeam reserves the right to refuse to consider the application for a job. Remote job is only possible in case the employee is located in the Czech Republic. 

#LI-AR1
#Remote