CNAPP Platform Engineer
Indexed description
Global Cyber Security’s role is to inspire trust and confidence in our customers by enabling secure connectivity. Our purpose is to proactively protect Vodafone & its customers by reducing the risks posed by security threats to Vodafone’s global technology infrastructure and the sensitive data it holds.
Responsible for leading the design, integration, and optimization of enterprise DevSecOps capabilities with a primary focus on Vulnerability Management (VM), Application Security (AppSec), and Cloud-Native Application Protection Platforms (CNAPP). This role serves as a technical leader and strategic advisor driving secure-by-design practices across CI/CD pipelines and application ecosystems.
Partners closely with application engineering, cloud, and platform teams to embed security controls into development workflows, enabling scalable and automated security outcomes across hybrid and multi-cloud environments.
What You’ll Do
- Lead the design and implementation of DevSecOps frameworks integrating security into CI/CD pipelines;
- Act as a trusted advisor to application and platform teams, influencing secure coding, build, and deployment practices;
- Define and drive security guardrails, standards, and patterns for cloud-native and application environments;
- Serve as the primary technical owner for CNAPP platforms, including onboarding, configuration, policy management, and optimization;
- Integrate CNAPP insights into engineering workflows, ticketing systems, and reporting dashboards;
- Drive enterprise VM strategy for cloud, container, and application layers;
- Advance risk-based prioritization and remediation workflows integrated into CI/CD and developer tools;
- Partner with engineering teams to reduce mean time to remediation (MTTR) and improve vulnerability posture;
- Oversee integration and tuning of SAST, DAST, SCA, and container scanning tools within pipelines;
- Architect and implement security tooling integrations into CI/CD pipelines, ensuring minimal developer friction;
- Enable shift-left security practices with automated checks, policy enforcement, and feedback loops;
- Collaborate with DevOps teams to standardize pipeline security templates and reusable modules;
- Work closely with cloud engineering, SRE, infrastructure, and application teams to align on security priorities;
- Influence vendor strategy and tool selection for DevSecOps and CNAPP capabilities;
- Represent security in architecture reviews, change control boards, and major transformation initiatives;
- Define and track KPIs such as vulnerability aging, pipeline coverage, and policy compliance;
- Lead continuous improvement initiatives to enhance automation, scalability, and developer experience
- BA/BS in Information Systems, Computer Science, or related field;
- Strong knowledge across multiple domains, including: Cloud Security (AWS, Azure, GCP), Application Security (SAST, DAST, SCA, IaC), Secrets Scanning, API Security, Cloud Security, Container & Kubernetes Security, Vulnerability Management & Risk Prioritization and Security Architecture & Design;
- Experience with infrastructure-as-code (IaC) security, API integrations, and automation scripting;
- Demonstrated ability to partner with engineering teams and influence security adoption without direct authority;
- Experience driving enterprise-wide security initiatives and standards;
- Knowledge of Wiz, Prisma Cloud, ICS (Rapid7) (CNAPP), Qualys, MEND, SonarQube (AppSec);
- Understanding of CI/CD platforms (GitHub AS, GitLab, SonarQube, Jenkins) and DevOps and Agile methodologies;
- Security certifications preferred (e.g., CISSP, CCSP, CSSLP, GWAPT, GCSA);
- Fluency in English
What's In It For You
- Hybrid Work Model - Flexible hybrid work model with 8-10 in-office days per month, managed by team leaders;
- Vodafone Products and Services - Employees get a mobile phone, free communication plan, data card, and various discounts on services and products;
- Recognition - Recognition programs for innovative, creative, high-potential employees and exemplary behaviors;
- Health and Well-being - Well-being Program offers nutrition and psychological consultations, webinars, workshops, and discounts on various services and products;
- Learning - Access to Communities of Practice and a customizable digital training platform with high-quality content (namely Harvard Business Publishing, Skillsoft and Speexx);
- Local and International Mobility - Internal recruitment with local and international rotation opportunities across departments and roles
Belonging at Vodafone isn't a concept; it's lived, breathed, and cultivated through everything we do. You'll be part of a global and diverse community, with many different minds, abilities, backgrounds and cultures. ;We're committed to increase diversity, ensure equal representation, and make Vodafone a place everyone feels safe, valued and included.
If you require any reasonable adjustments or have an accessibility request as part of your recruitment journey, for example, extended time or breaks in between online assessments, please refer to https://careers.vodafone.com/application-adjustments/ for guidance.
Together we can.
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search