As a DevSecOps Engineer, what are you going to do?
- Identify security vulnerabilities in the system and implement necessary solutions to remediate the vulnerabilities;
- Review cloud and on-premises deployment architectures and implement required security controls;
- Identify manual processes that can be smartly automated;
- Ensure security best practice is followed and provide solutions to improve existing infrastructure processes in the company;
- Design & Implement secure software development life cycle;
- Define applications security architecture elements;
- Set security best practices for cloud security;
- Define documentation of security requirements for applications (web, mobile, host, SOA, etc.);
- Mentor other engineers, define our technical culture, and help build a fast-growing team;
- Contribute to tool evaluation, selection and recommendation internally
- Provide advisory to different groups (Business Consultants, Product Management, Professional Services, etc.);
- Participate in execution of training program for different teams;
- Work with senior management on defining roadmaps, needs and provide short and mid-term forecasting;
- Contribute to as a Subject Matter Expert & internal professional community
What are the skills and professional experience we’re expecting from you?
- Master’s degree in computer science, Telecommunications or Information Security;
- Certifications such as CSSLP, CISSP, CISA, etc. are preferred;
- Certifications from pentesting vendors (OSCP, CEH,…) are preferred;
- SAST & DAST tools related education and certificates are beneficial;
- At least 3 years of experience in the Application Development (DevOps);
- At least 1 year of experience in Application Security Testing;
- Hands-on experience in Cloud Environments and on-premises Data Centre;
- Good skills in at least one or more scripting languages; Python, or Shell/PowerShell;
- Experience in management and definition of security in the software development lifecycle (SDLC);
- Working knowledge Agile and primarily DevOps development methodologies.
- Experience in software development and SDLC in Java, Python, C#, etc…;
- Knowledge of conducting security checks (static and dynamic code analysis, vulnerability analysis in applications and penetration tests, security component analysis);
- Understanding or virtualization and container technologies (Docker, Kubernetes, OpenShift);
- Experience with OWASP Testing Guide v3 / 4 and OWASP TOP 10;
- Knowledge of securing APIs;
- Experience in Web and/or Mobile applications and common vulnerabilities;
- Knowledge of security in micro-services is beneficial;
- Communications skills including the ability to understand client process in any area in detail;
- Excellent coordination and communication skills;
- Business writing skills (capturing needs and writing it down on formal documents);
- Reliable and with attention to detail.
Some of the cool reasons to work with us:
- Portuguese multinational company, with almost 20 years of expertise;
- Tech company with amazing products using biometric data, working with singular industries such as Airports and Airlines;
- HQ in Portugal but with offices spread all over the world;
- Work in a multicultural environment, with colleagues from every corner of the globe.
Want to apply?
Upload your CV here* (max. 4MB)
Upload your photo or video here (max. 4MB)