Praca Cyber Security DevOps Manager, Warszawa

We’re JTI, Japan Tobacco International and we believe in freedom. We think that the possibilities are limitless when you’re free to choose. And we’ve spent the last 20 years innovating, creating new and better products for our consumers to choose from.

But our business, isn’t just business. Our business is our people. Their talent. Their potential. We believe when they’re free to be themselves, grow, travel and develop, amazing things can happen for our business. That’s why our employees, from around the world, choose to be a part of JTI and why 9 out of 10 would recommend us to a friend.

So when you’re ready to choose a career you’ll love, in a company you’ll love, feel free to #join the idea!

Cyber Security DevOps Manager

Cyber Security DevOps Manager

Location: Warszawa,

Nr ref: 103306

What this position is about – Purpose:

This position exists to ensure the consistent security of JTI’s Digital Ecosystem (DES) and global applications, including e-commerce solutions. The role is responsible for defining and implementing technical security standards across these platforms, embedding secure DevOps practices into CI/CD environments (e.g., Azure DevOps, GitLab, GitHub), and protecting applications from internal and external threats while promoting shift-left security practices throughout the software development lifecycle.

As part of the Cyber Security Centre, this role contributes to the delivery of high-quality, cost-effective security services across JTI’s global infrastructure and application landscape—including security architecture, design, innovation, assurance, service delivery, and SOC operations.

The position also drives the adoption of security tools and best practices, conducts threat assessments, and partners closely with engineering, product, and operations teams to ensure the secure design, development, and deployment of cloud-based and mobile solutions. It requires a strong foundation in cloud and container security, Secure SDLC, application security tooling (e.g., SAST, DAST, SCA), and secure coding principles, with a particular focus on Azure environments.

Ultimately, this role is critical to maintaining a secure, compliant, and resilient digital environment aligned with corporate and industry security standards.

What will you do – Responsibilities:

Security Integration in CI/CD

Responsible for integrating and maintaining security tools in the CI/CD pipeline to ensure secure development and deployment
Assist in identifying, tracking, and prioritizing security vulnerabilities in the development environment
Support the remediation of vulnerabilities, collaborating with development and operations teams to address security issues

Security Tool Administration, Monitoring and Reporting

Assist in configuring, maintaining, and troubleshooting security tools used in the CI/CD pipeline, such as static and dynamic application security testing (SAST/DAST), and software composition analysis (SCA)
Ensure that tools are functioning properly, with regular updates and maintenance to keep them current
Monitor CI/CD environments for security threats, running regular security scans and audits
Assist in generating reports on security findings, tracking resolution progress, and ensuring transparency in security posture

Security Awareness & Training

Contribute to security awareness initiatives within development teams, promoting secure coding practices
Educate teams on common vulnerabilities and industry best practices to enhance overall security knowledge

Governance

Ensure adherence to security standards, frameworks (e.g. OWASP, NIST, ISO, PCI DSS), and JTI security policies
Support the development of security policies, ensuring that security best practices are consistently followed across the team

Who are we looking for – Requirements:

Education: University degree in Computer Science, Computer Engineering, Information Systems, or related field or relevant experience
Work experience: working experience on the following new technology trends:
5+ years of solid knowledge in cloud and container security, including the specific characteristics of cloud-based security services and securing web/mobile applications
5+ years of hands-on experience in operational Cybersecurity, DevOps, or DevSecOps, with strong knowledge of the Secure SDLC approach and the ability to articulate security goals, lifecycle stages, and related processes
Experience implementing Secure SDLC and integrating security into CI/CD pipelines with a shift-left approach
Proficient in Azure, Python, Bash, and using tools like SCA, SAST, DAST/IAST, and image scanning
Knowledge of security standards (OWASP, NIST, ISO, PCI DSS) and experience with tools like Blackduck, Coverity on Polaris, Advanced Security, WIZ etc.
Familiar with cloud-native security controls, secure coding practices, and threat modeling (e.g., OWASP Threat Dragon)
Strong knowledge of network security, including common protocols and the OSI model.
Hands-on experience with Infrastructure-as-Code (IaC) tools (e.g., Terraform), and CI/CD platforms such as GitLab, Azure DevOps, and GitHub, including integrating security tools into pipelines.
Good understanding of containerization and Kubernetes, especially from a security perspective.

Language: English professional working proficiency (spoken and written)

Are you ready to join us? Build your success story at JTI. Apply now!

Next Steps:

After applying, if selected, please anticipate the following within 1-3 weeks of the job posting closure: Phone screening with Talent Advisor > Assessment tests > Interviews > Offer. Each step is eliminatory and may vary by role type.

At JTI, we strive to create a diverse and inclusive work environment. As an equal-opportunity employer, we welcome applicants from all backgrounds. If you need any specific support, alternative formats, or have other access requirements, please let us know.

PROCEDURE:
JTI GBS Sp. z o.o. has introduced an Internal Reporting Procedure for Whistleblowers.
If you would like to review this procedure, it is available upon request.

If you decide to participate in this recruitment, the administrator of your data will be JTI GBS Poland sp. z o.o. with headquarters in Warsaw. Your data will be processed only to support the recruitment process in which you participate. Detailed information on the processing of your data here.