Job Posting: CYBER DEVSECOPS MANAGER

At JTI we celebrate differences, and everyone truly belongs. 46,000 people from all over the world are continuously building their unique success story with us. 83% of employees feel happy working at JTI.To make a difference with us, all you need to do is bring your human best.What will your story be? Apply now  Learn more: Cyber DevSecOps ManagerWhat this position is about – Purpose: This position exists to ensure the consistent security of JTI's Digital Ecosystem (DES) and global applications, including e-commerce solutions. The role is responsible for defining and implementing technical security standards across these platforms, embedding secure DevOps practices into CI/CD environments (e.g., Azure DevOps, GitLab, GitHub), and protecting applications from internal and external threats while promoting shift-left security practices throughout the software development lifecycle.As part of the Cyber Security Centre, this role contributes to the delivery of high-quality, cost-effective security services across JTI's global infrastructure and application landscape—including security architecture, design, innovation, assurance, service delivery, and SOC operations.The position also drives the adoption of security tools and best practices, conducts threat assessments, and partners closely with engineering, product, and operations teams to ensure the secure design, development, and deployment of cloud-based and mobile solutions. It requires a strong foundation in cloud and container security, Secure SDLC, application security tooling (e.g., SAST, DAST, SCA), and secure coding principles, with a particular focus on Azure environments.Ultimately, this role is critical to maintaining a secure, compliant, and resilient digital environment aligned with corporate and industry security standards.What will you do – Responsibilities: Security Integration in CI/CDResponsible for integrating and maintaining security tools in the CI/CD pipeline to ensure secure development and deploymentAssist in identifying, tracking, and prioritizing security vulnerabilities in the development environmentSupport the remediation of vulnerabilities, collaborating with development and operations teams to address security issuesSecurity Tool Administration, Monitoring and ReportingAssist in configuring, maintaining, and troubleshooting security tools used in the CI/CD pipeline, such as static and dynamic application security testing (SAST/DAST), and software composition analysis (SCA)Ensure that tools are functioning properly, with regular updates and maintenance to keep them currentMonitor CI/CD environments for security threats, running regular security scans and auditsAssist in generating reports on security findings, tracking resolution progress, and ensuring transparency in security postureSecurity Awareness & TrainingContribute to security awareness initiatives within development teams, promoting secure coding practicesEducate teams on common vulnerabilities and industry best practices to enhance overall security knowledgeGovernanceEnsure adherence to security standards, frameworks (e.g. OWASP, NIST, ISO, PCI DSS), and JTI security policiesSupport the development of security policies, ensuring that security best practices are consistently followed across the teamWho are we looking for – Requirements: Education: University degree in Computer Science, Computer Engineering, Information Systems, or related field or relevant experienceWork experience: working experience on the following new technology trends:5+ years of solid knowledge in cloud and container security, including the specific characteristics of cloud-based security services and securing web/mobile applications5+ years of hands-on experience in operational Cybersecurity, DevOps, or DevSecOps, with strong knowledge of the Secure SDLC approach and the ability to articulate security goals, lifecycle stages, and related processesExperience implementing Secure SDLC and integrating security into CI/CD pipelines with a shift-left approachProficient in Azure, Python, Bash, and using tools like SCA, SAST, DAST/IAST, and image scanningKnowledge of security standards (OWASP, NIST, ISO, PCI DSS) and experience with tools like Blackduck, Coverity on Polaris, Advanced Security, WIZ etc.Familiar with cloud-native security controls, secure coding practices, and threat modeling (e.g., OWASP Threat Dragon)Strong knowledge of network security, including common protocols and the OSI model.Hands-on experience with Infrastructure-as-Code (IaC) tools (e.g., Terraform), and CI/CD platforms such as GitLab, Azure DevOps, and GitHub, including integrating security tools into pipelines.Good understanding of containerization and Kubernetes, especially from a security perspective.Language: English professional working proficiency (spoken and written) What are the next steps:Interview with GBS Talent Attraction Expert  Online interview with the Hiring Manager and one of his Team2nd Line Interview for FinalistsAll applications will be reviewed. Please be aware that you will receive the call from Poland (prefix +48), as our Global Business Services is based in Warsaw.   Are you ready to join us? Build your success story at JTI. Apply nowNext Steps:After applying, if selected, please anticipate the following within 1-3 weeks of the job posting closure: Phone screening with Talent Advisor > Assessment tests > Interviews > Offer. Each step is eliminatory and may vary by role type.At JTI, we strive to create a diverse and inclusive work environment. As an equal-opportunity employer, we welcome applicants from all backgrounds. If you need any specific support, alternative formats, or have other access requirements, please let us know.