DevSecOps Engineer at METRO/MAKRO

Pune, maharashtra, India -

Full Time

Start Date

Immediate

Expiry Date

24 May, 26

Salary

0.0

Posted On

23 Feb, 26

Experience

5 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

Skills

Application Security, CI/CD Pipelines, Vulnerability Remediation, Code Review, Security Controls, API Security, Threat Modeling, Best Practices Definition, Java, C++, Python, JavaScript, LLMs, AI, Github Co-pilot, Gemini

Industry

Wholesale

Description

Company Description About us: Metro Global Solution Center (MGSC) is internal solution partner for METRO, a €31.6 Billion international wholesaler with operations in 32 countries through 625 stores & a team of 85,000 people globally. Metro operates in a further 10 countries with its Food Service Distribution (FSD) business and it is thus active in a total of 34 countries. MGSC, location wise is present in Pune (India), Düsseldorf (Germany) and Szczecin (Poland). We provide HR, Finance, IT & Business operations support to 31 countries, speak 24+ languages and process over 18,000 transactions a day. We are setting tomorrow’s standards for customer focus, digital solutions, and sustainable business models. For over 10 years, we have been providing services and solutions from our two locations in Pune and Szczecin. This has allowed us to gain extensive experience in how we can best serve our internal customers with high quality and passion. We believe that we can add value, drive efficiency, and satisfy our customers. Website: https://www.metro-gsc.in Company Size: 1050-1100 Headquarters: Pune, Maharashtra, India Type: Privately Held Inception: 2011 Job Description Embed application security controls into CI/CD pipelines to provide accurate, actionable, and timely feedback to engineers. Support the investigation, remediation, and validation of application security findings including the management of exceptions and false positives. Conduct targeted code reviews in partnership with engineers and platform teams to identify security issues early and improve coding practices Implement and maintain security controls, integrations, and automations required to ensure security and privacy by default across applications and their APIs. Perform threat modeling exercises to identify abuse cases, threat actors, and appropriate preventative and detective controls Participate actively in the engineer community led by METRO Corporate Information Security to define best practices, align way-of-working, prioritize and execute on the needed activities across application and API platforms. Qualifications Security experience in one, or more of the following: Application security experience identifying, investigating, and remediating vulnerabilities across all stages of the SDLC. Hands on experience writing and reviewing code and contributing to developer workflows such as design reviews, planning, and implementation. Proven experience designing, implementing, and improving security tooling and CI/CD integrations, with focus on reducing noise and prioritizing risk. Strong focus on developer experience with the ability to communicate security issues clearly. Familiarity with application architectures, including monolithic and microservice based designs. Solid understanding of frameworks such as OWASP Top 10, SAMM, ASVS, and FIRST principles Comfort working across one or more programming languages such as Java, C++, Python, JavaScript or similar. And: Experience with LLMs, AI, and agentic coding platforms such as Github Co-pilot, Gemini, or Claude Code. Proven experience as a security subject-matter expert, mentoring and raising awareness to security mandates. Work Model: On-Site

Responsibilities

The role involves embedding application security controls into CI/CD pipelines to provide timely feedback to engineers and supporting the investigation and remediation of security findings. Responsibilities also include implementing security automations and performing threat modeling exercises.