Job Description
Senior DevSecOps Engineer
Location: Zaragoza (preferred)
Work model: Hybrid (approx. 60% office / 40% remote)
Position Context
Cinarra is in a phase of maturity and growth of its technological platform, with a solid DevOps team in Spain (mainly in Zaragoza) and a strategic initiative to elevate security, compliance, and best practices across the organization.
This position is the first one dedicated specifically to DevSecOps within the company. The objective is not to fill a purely execution-focused role, but to bring in a senior technical reference who will lead the DevSecOps initiative, define the roadmap, and guide the team in adopting security-by-design practices, with a clear focus on cloud, CI/CD, Kubernetes, and compliance (ISO 27001 / SOC 2).
The person will join the DevOps team and lead an internal security squad currently made up of DevOps profiles who partially assume these responsibilities.
Mission of the role
Lead the implementation of DevSecOps practices at Cinarra, integrating security throughout the software development lifecycle (SDLC), CI/CD pipelines, and cloud infrastructure, with the objective of:
- Progressively improving the security posture of the platform.
- Defining and implementing a compliance roadmap.
- Preparing the company to obtain certifications such as ISO 27001 and/or SOC 2 within an approximate timeframe of one year.
Main responsibilities
- Lead the DevSecOps initiative within the organization, acting as a technical reference and team guide.
- Design, implement, and maintain secure CI/CD pipelines in AWS environments.
- Integrate security practices into pipelines:
  - SAST, DAST, and dependency analysis (SCA).
  - Container image scanning.
  - Security checks in Infrastructure as Code.
- Automate infrastructure provisioning using Terraform and Ansible, applying hardening and security standards.
- Operate, secure, and scale Kubernetes clusters in production environments.
- Apply Kubernetes security best practices (RBAC, network policies, secrets management, pod security).
- Ensure AWS environments comply with best practices (IAM, VPC, encryption, logging).
- Implement security observability and monitoring (Prometheus, Grafana, CloudWatch, security alerts).
- Manage secrets and credentials (AWS Secrets Manager, Vault, SSM, or others).
- Detect, analyze, and resolve production and security incidents.
- Document architectures, security configurations, and operational procedures.
- Define and execute a compliance roadmap aligned with ISO 27001 / SOC 2.
- Collaborate with DevOps and development teams distributed internationally.
Required profile
- Solid experience as a DevOps / DevSecOps Engineer (approx. 4–10 years).
- Strong technical background in DevOps, with a clear security focus.
- Proven experience leading or driving DevSecOps initiatives.
- Deep knowledge of:
  - Linux
  - Kubernetes
  - Docker and containers
  - AWS (and hybrid environments)
  - CI/CD (GitHub Actions or others)
  - Terraform and Ansible
- Strong understanding of cloud and container security.
- Ability to work cross-functionally and take ownership of the initiative.
- Fluent English (spoken and written).
Highly valued
- Experience in ISO 27001 and/or SOC 2 certification processes.
- Cloud security certifications (AWS, Kubernetes, etc.).
- Experience with security tools:
  - Trivy, Snyk, Checkov, tfsec, SonarQube, OWASP ZAP, or similar.
- Knowledge of GitOps (ArgoCD or others).
- Knowledge of Kafka, PostgreSQL, ClickHouse.
- Previous experience in SaaS environments and cloud-native platforms.