You've picked a great time to join Avon. We're looking forward to the next chapter in our company's amazing story. We see the beauty in our differences and are looking for open-minded, team players to join our team. We want you to feel confident in bringing your whole self to work, while supporting colleagues to do the same. If you'd like to become an Avon associate, this is your time!

DevSecOps Lead – security lead in CICD of software development life cycle

Would you like to

We are currently recruiting for a DevSecOps Lead to join our global IT Security Team within Avon. Avon develops state-of-art applications to serve its customers and sales force selling and buying Avon cosmetics and other product portfolio.


Working as a member of the Security Architecture team, the DevSecOps Lead will focus on the implementation, management and continuous improvement of security controls in Avon’s Software Development Life Cycle.

The DevSecOps Lead will cooperate with Security Architecture and DevOps teams to implement defined security controls in the CI/CD pipeline. The DevSecOps Lead will advise development teams on how to design secure applications and cloud environments. As a person who understands deeply CI/CD pipeline technologies, the role will make decisions (based on security measures) about software deployment in production stage.

Implement, manage and continuously improve of security controls in Software Development Life Cycle.

Be an Application security advisor.

Make decisions (based on security measures) about software deployment in production stage

Perform required application security analyses (including: threat modeling, risk assessment, business impact etc.).

Create and adjust automation for Pre-commit, Commit-time, Build-time, Test-time and Deploy-time checks.

Closely cooperate with the rest of architecting/project teams.

Do you have

  • A bachelor's degree in Computer Science, Engineering, Information Security, or equivalent work experience
  • 5+ years of relevant professional experience at a multinational firm in Agile development, Continuous Integration and development (CD/CD), Secure software development (SSDLC), Applications IT Security, Cloud Security.
  • Proven hands-on experience with automation tools and scripting (Jenkins, Ansible, Terraform)
  • Proven hands-on experience with SVN tools like Git, Bit Bucket, Github.
  • Deep understanding about security concepts in Enterprise
  • Knowledge of industry regulations and requirements such as ISO27001, NIST, PCI-DSS, HIPAA and other industry standards
  • Experience in implementing and maintaining security controls and best practices for cloud components like VMs, microservices, serverless functions
  • Knowledge of application’s security
  • Programming experience with scripting languages like Python, Bash, PowerShell
  • Experience in development and operations of ELK (Elasticsearch, Logstash, and Kibana, Winlogbeat and Beats) stack
  • Experience with AWS and/or Azure Cloud solutions
  • Proven hands-on experience with container security tools like Twistlock, Aqua Security, Sysdig, Snyk
  • Knowledge of trouble ticketing systems/CRM
  • Strong interpersonal and user service skills
  • Proficient knowledge about enterprise processes based on ITIL
  • English language skills (spoken and written)

What you get in return

Confidence to bring your whole self to work

We provide opportunities for you to do your best work and realize your full potential

We empower you to deliver and support flexible working to help you perform at your best

We recognize your contribution with a competitive total reward and benefits package along with opportunities to celebrate individual and business success.


Apply via "Jelentkezem" button underneath!