Security Engineer

Adeva is a global talent network that enables work without boundaries by connecting tech professionals with top companies worldwide. 

We are looking for a Security Engineer who will drive security-by-design across GitLab CI/CD pipelines by implementing automated security controls, enforcing guardrails, and embedding secure SDLC practices. Partner closely with InfoSec, Cloud, and Engineering teams to ensure secure, compliant, and reliable software delivery.

Responsibilities

• Implement and maintain SAST, DAST, SCA, container scanning, and secret detection within GitLab CI/CD
• Enforce policy-as-code, including branch protections, merge request approvals, vulnerability gates, and artifact signing
• Standardize and secure CI/CD workflows across teams
• Triage and prioritize security findings and define remediation plans
• Track vulnerabilities to closure and support secure release decisions
• Secure infrastructure-as-code deployments using Terraform or Ansible
• Harden containers, registries, build runners, and cloud environments
• Align security controls with CIS, NIST, and applicable regulatory requirements
• Support SBOM generation and audit-ready reporting
• Promote shift-left security practices and contribute to documentation and playbooks

Requirements

• Hands-on experience with GitLab Ultimate security features and CI/CD administration
• Proven experience integrating SAST, DAST, and SCA into pipelines with release gating
• Experience with tools such as SonarQube, BlackDuck or Nexus Lifecycle, Snyk or Trivy, and OWASP ZAP
• Strong scripting and automation skills (Python, Bash, YAML)
• Solid understanding of Docker and Kubernetes security
• Experience securing infrastructure-as-code (Terraform or Ansible)
• Experience with threat modeling, risk assessment, and remediation planning

Nice to Have

• Relevant certifications (DevSecOps, CKS, Security+, etc.)
• Experience with IaC security tools such as OPA, Conftest, or Checkov
• Knowledge of supply chain security practices (SBOM, Cosign, SLSA)
• Familiarity with DORA metrics and security KPI reporting

About Adeva

Adeva is an exclusive network of engineers, product and data professionals that connects consultants with leading enterprise organizations and startups. Our network is distributed all over the world, with engineers in more than 35 countries. Our company culture builds connections, careers, and employee growth. We are creating a workplace from the future that values flexibility, autonomy, and transparency. If that sounds like something you’d like to be part of, we’d love to hear from you.