DevSecOps Engineer — Vulnerability Management AWS focus

Solutions 30 is a company operating for 20 years to facilitate access to new technologies. It has a network of experts and engineers serving clients in ten European countries. Since 2019, Solutions 30 operates in Poland with nearly 1000 employees and a broad subcontractor network. The company is a leader in European market services, providing effective technological solutions through extensive support and optimized management processes.

• 3+ years of experience in a DevSecOps, application security, or vulnerability management role
• Hands-on experience with vulnerability scanning tools (e.g. Tenable, Trivy, Amazon Inspector or similar)
• Working knowledge of AWS environments and containerised workloads (Docker/Kubernetes)
• Experience working with Jira or similar for defect and vulnerability tracking
• Understanding of CVSS scoring, risk prioritisation, and patch management processes
• Ability to translate technical findings into clear, actionable tasks for development teams
• Working proficiency in English

Nice to have:

• Familiarity with NIS2, ISO/IEC 27001, or GDPR compliance frameworks
• OSCP, CEH, CKS or equivalent security certification
• Experience with CI/CD pipeline security (SAST/DAST/SCA integration)
• Working proficiency in French or Polish

• Own the end-to-end vulnerability management lifecycle — from detection through to verified remediation
• Triage and prioritise vulnerabilities across AWS infrastructure, containerised workloads (Kubernetes/EKS), and web applications
• Coordinate remediation with development and infrastructure teams, ensuring timely resolution within agreed SLAs
• Enable update process on selected infrastructure components
• Maintain and improve the vulnerability tracking process in Jira, providing clear visibility to stakeholders
• Produce regular risk-based reporting on vulnerability status for management and compliance purposes
• Ensure processes align with NIS2 and ISO/IEC 27001 requirements
• Promote security awareness and provide guidance to developers on secure coding and patching best practices