M1 - DevSecOps Lead

Objective of the Role
As the DevSecOps Lead, you will be the visionary and architect of security integration within our software delivery lifecycle. Your mission is to bridge the gap between development, operations, and security, transforming "security" from a checkpoint into a continuous, automated, and high-performing practice. You willclead a talented team to protect Spin’s technological ecosystem while maintaining the agility required by a world-class fintech.

Main Responsibilities
● Practice Leadership: Champion and mentor a high-performing DevSecOps team, fostering an autonomous, innovative, and "people-first" work culture.
● Security Strategy: Design and execute a comprehensive DevSecOps roadmap that accelerates business value without compromising safety.
● CI/CD Orchestration: Lead the seamless integration of security guardrails into automated pipelines, ensuring secure code and infrastructure as code (IaC) from the start.
● Security Automation: Implement and optimize advanced tooling (SAST, DAST, SCA, and Container Security) to minimize manual friction and human error.
● Incident & Risk Management: Command response activities for development-related incidents, conducting deep-dive Root Cause Analysis (RCA) to drive permanent improvements.
● Architecture & Collaboration: Partner with Architecture and Product teams to embed security into the core of the Software Development Lifecycle (SDLC).
● Stakeholder Influence: Effectively communicate security initiatives and risks to leadership, acting as a trusted advisor for technical and business units.
● Spin Culture Ambassador: Model Spin’s values to maintain a dynamic, inclusive, and high-trust
environment.

Required Knowledge and Experience
● Experience: Proven track record (6+ years) in DevSecOps and Cybersecurity within tech-driven or fintech environments, with at least 2+ years leading engineering teams.
● Cloud & Containers: Deep expertise in Cloud Security (AWS/Azure/GCP) and container orchestration (Kubernetes/Docker).
● The Tech Stack: Mastery of automation tools such as Jenkins, GitLab, SonarQube, and infrastructure as code.
● Automation: Advanced proficiency in scripting (Python, Bash) to "automate everything."
● Standards: Strong familiarity with frameworks like NIST, OWASP, and PCI-DSS adapted to agile environments.
● Soft Skills: Exceptional analytical thinking, crisis management, and the ability to influence cross-functional teams.
● Education: Bachelor’s degree in Computer Science or IT; specialized certifications (e.g., CISSP, CISM, CSSLP) are a plus.
● English: Intermediate English is required.