CYBER DEVSECOPS MANAGER

At JTI we celebrate differences, and everyone truly belongs. 46,000 people from all over the world are continuously building their unique success story with us. 83% of employees feel happy working at JTI.

To make a difference with us, all you need to do is bring your human best.

What will your story be? Apply now!

Learn more jti.com

Cyber DevSecOps Manager

What This Position Is About – Purpose

This position exists to ensure the consistent security of JTI’s Digital Ecosystem (DES) and global applications, including e-commerce solutions. The role is responsible for defining and implementing technical security standards across these platforms, embedding secure DevOps practices into CI/CD environments (e.g., Azure DevOps, GitLab, GitHub), and protecting applications from internal and external threats while promoting shift-left security practices throughout the software development lifecycle.

As part of the Cyber Security Centre, this role contributes to the delivery of high-quality, cost-effective security services across JTI’s global infrastructure and application landscape—including security architecture, design, innovation, assurance, service delivery, and SOC operations.

The position also drives the adoption of security tools and best practices, conducts threat assessments, and partners closely with engineering, product, and operations teams to ensure the secure design, development, and deployment of cloud-based and mobile solutions. It requires a strong foundation in cloud and container security, Secure SDLC, application security tooling (e.g., SAST, DAST, SCA), and secure coding principles, with a particular focus on Azure environments.

Ultimately, this role is critical to maintaining a secure, compliant, and resilient digital environment aligned with corporate and industry security standards.

What Will You Do – Responsibilities

Security Integration in CI/CD

• Responsible for integrating and maintaining security tools in the CI/CD pipeline to ensure secure development and deployment
• Assist in identifying, tracking, and prioritizing security vulnerabilities in the development environment
• Support the remediation of vulnerabilities, collaborating with development and operations teams to address security issues
  
  

Security Tool Administration, Monitoring and Reporting

• Assist in configuring, maintaining, and troubleshooting security tools used in the CI/CD pipeline, such as static and dynamic application security testing (SAST/DAST), and software composition analysis (SCA)
• Ensure that tools are functioning properly, with regular updates and maintenance to keep them current
• Monitor CI/CD environments for security threats, running regular security scans and audits
• Assist in generating reports on security findings, tracking resolution progress, and ensuring transparency in security posture
  
  

Security Awareness & Training

• Contribute to security awareness initiatives within development teams, promoting secure coding practices
• Educate teams on common vulnerabilities and industry best practices to enhance overall security knowledge
  
  

Governance

• Ensure adherence to security standards, frameworks (e.g. OWASP, NIST, ISO, PCI DSS), and JTI security policies
• Support the development of security policies, ensuring that security best practices are consistently followed across the team
  
  

Who Are We Looking For – Requirements

Education University degree in Computer Science, Computer Engineering, Information Systems, or related field or relevant experience

Work experience working experience on the following new technology trends

• 5+ years of solid knowledge in cloud and container security, including the specific characteristics of cloud-based security services and securing web/mobile applications
• 5+ years of hands-on experience in operational Cybersecurity, DevOps, or DevSecOps, with strong knowledge of the Secure SDLC approach and the ability to articulate security goals, lifecycle stages, and related processes
• Experience implementing Secure SDLC and integrating security into CI/CD pipelines with a shift-left approach
• Proficient in Azure, Python, Bash, and using tools like SCA, SAST, DAST/IAST, and image scanning
• Knowledge of security standards (OWASP, NIST, ISO, PCI DSS) and experience with tools like Blackduck, Coverity on Polaris, Advanced Security, WIZ etc.
• Familiar with cloud-native security controls, secure coding practices, and threat modeling (e.g., OWASP Threat Dragon)
• Strong knowledge of network security, including common protocols and the OSI model.
• Hands-on experience with Infrastructure-as-Code (IaC) tools (e.g., Terraform), and CI/CD platforms such as GitLab, Azure DevOps, and GitHub, including integrating security tools into pipelines.
• Good understanding of containerization and Kubernetes, especially from a security perspective.
  
  

Language English professional working proficiency (spoken and written)

What Are The Next Steps

• Interview with GBS Talent Attraction Expert
• Online interview with the Hiring Manager and one of his Team
• 2nd Line Interview for Finalists
  
  

All applications will be reviewed. Please be aware that you will receive the call from Poland (prefix +48), as our Global Business Services is based in Warsaw.

Are you ready to join us? Build your success story at JTI. Apply now!

Next Steps

After applying, if selected, please anticipate the following within 1-3 weeks of the job posting closure Phone screening with Talent Advisor > Assessment tests > Interviews > Offer. Each step is eliminatory and may vary by role type.

At JTI, we strive to create a diverse and inclusive work environment. As an equal-opportunity employer, we welcome applicants from all backgrounds. If you need any specific support, alternative formats, or have other access requirements, please let us know.