
DevSecOps Team Lead

Details

Description

General duties
Team Leadership & Strategy
Lead, mentor, and develop a team of three AppSec specialists, including white hat hackers and DevSecOps engineers.
Set goals, manage performance, and foster a culture of continuous learning and innovation.
Recruit, train, and retain top security talent.
Application Security Governance
Establish and maintain the Secure Software Development Lifecycle (SSDLC).
Define security requirements, policies, coding standards, and AppSec governance processes.
Provide architectural guidance and conduct threat modeling for high-risk projects.
DevSecOps & CI/CD Security
Integrate SAST, DAST, SCA, API testing, and container/IaC scanning into CI/CD pipelines.
Work with DevOps teams to design secure build and deployment pipelines.
Implement shift-left security and ensure automated quality gates are applied consistently.
Vulnerability Management
Own the end-to-end vulnerability management process across applications and APIs.
Triage, classify, and track remediation of security findings in line with regulatory SLAs.
Produce metrics and dashboards for leadership, including KPIs and risk insights.
Penetration Testing & Ethical Hacking
Oversee internal and external penetration testing initiatives (white-box, black-box, gray-box).
Coordinate red-team exercises and collaborate with ethical hackers to simulate real-world attacks.
Prioritize and manage remediation efforts with application owners.
Security Assessments & Compliance
Conduct security reviews, code audits, and risk assessments for new and existing systems.
Ensure compliance with DORA, NIS2, ISO 27001, PCI DSS, GDPR, and banking security standards.
Support audit activities, provide documentation, and implement corrective actions.
Training, Awareness & Innovation
Deliver secure coding training to developers and stakeholders.
Stay current with emerging threats, technologies, and industry practices.
Partner with external vendors and regulators to strengthen the bank’s security posture.


Requirements
Technical Skills

Expertise in SAST, DAST, SCA, API testing, fuzzing, and mobile application security testing.
In-depth knowledge of OWASP Top 10, ASVS, API Security Top 10 and secure coding guidelines.
Experience with CI/CD pipelines (GitLab, Jenkins, Azure DevOps, GitHub Actions).
Understanding of container platforms (Docker, Kubernetes) and cloud-native security.
Strong understanding of application threat modeling and secure architecture principles.
Experience with vulnerability scanners, penetration testing tools (e.g., Burp Suite, Metasploit, Nessus), and code analysis platforms.
Proficiency in programming languages such as Java, Python, or .NET for code reviews and security scripting.
Regulatory & Governance Skills

Strong knowledge of DORA (ICT risk, testing, change management), ISO 27001, NIS2, GDPR, and PCI DSS.
Ability to translate regulatory requirements into technical secure development controls.
Experience preparing for and responding to audits and inspections.
Skilled in risk assessment methodologies and developing compliance roadmaps.
Leadership & Organizational Skills

Strong ability to lead technical specialists and drive cross-department collaboration.
Excellent prioritization, delegation, and project coordination skills.
Experience building AppSec roadmaps and maturity improvement plans.
Strong analytical and problem-solving abilities, with a focus on risk-based decision-making.
Exceptional communication skills for presenting complex security concepts to non-technical stakeholders, including executive reports and training sessions.
Ability to foster an inclusive, high-performance team environment while managing conflicts and promoting work-life balance.


DSK Bank offers
Excellent opportunities for professional and career development in one of Bulgaria’s leading banks
Food vouchers in the amount of up to 102.26 EUR per month
20+5 paid holiday leave
Additional Health Insurance
Annual bonus scheme depending on the achieved results
Favorable conditions for housing and mortgage lending, as well as for bank products and services
Preferential conditions for Multisport / CoolFit card
Discounts in various companies
Professional trainings for specific knowledge and skills
Refer a Friend Bonus


Documents for application
CV

Candidate requirements

Language skills:

Work experience:
1 - 3 years of professional experience

Education:
Master's degree

We offer

Employment type:

Employment term:

Contract:

Level in the hierarchy:
Expert staff without managerial functions

Category:

IT and computer specialists

Country:

Bulgaria

City:

Sofia

Address:

19 Moskovska St., Head Office

Date:

29.04.2026

Organization:

DSK Bank AD
Company/Organization - hiring directly
