Devoteam Cyber Trust | DevSecOps Engineer Lisboa

Devoteam Cyber Trust | DevSecOps Engineer
Lisboa
Lisboa, Lisboa, Portugal

Devoteam

Transform your business with Devoteam, the AI-driven tech consulting. Become a leading company embracing AI for sustainable value.

Devoteam Cyber Trust is the Cybersecurity specialist arm of the Devoteam Group. With our 800+ experts located across EMEA, we aim to establish cybersecurity as an enabler of business success rather than a gatekeeper. We leverage an
-
- end approach to Cyber Resilience, Applied Security, and Managed Security services to secure the tech journey of large and
- sized companies from all sectors and industries.

Since 2009, previously known as INTEGRITY, our team based in Portugal is specialised in providing
- edge Managed Security Services that combine its expertise and proprietary technology to consistently and effectively reduce the cyber risk of our clients. The comprehensive service range includes Persistent Intrusion Testing, ISO 27001, PCI-DSS, GRC Consulting and Solutions, and Third-Party Risk Management.

Job Description

We are seeking an experienced Dev
Sec
Ops Engineer to integrate security practices into our software development lifecycle (SDLC) and infrastructure management processes. This role will focus on implementing secure coding practices, automating security processes, and enhancing our overall application and infrastructure security posture.

The candidate will have the following duties/responsibilities:

• Develop and implement secure coding practices and guidelines for development teams;
• Create and maintain infrastructure as code (Ia
  C) using tools like Terraform, with a focus on security best practices;
• Implement and manage service account rotation practices across our cloud environments;
• Develop automation scripts and tools in Go to enhance security processes;
• Conduct code reviews with a security focus, particularly for Go-based projects;
• Design and implement a centralised secrets management solution;
• Enhance and secure CI/CD pipelines, integrating security checks and tests;
• Implement and manage container security practices;
• Collaborate with development, operations, and security teams to integrate security throughout the SDLC;
• Develop and maintain security documentation for development and operations processes;
• Assist in security incident response related to application and infrastructure issues;
• Implement and manage security monitoring and logging solutions for applications and infrastructure;
• Automate security testing and integrate it into the development process.

Qualifications

The candidate should have:

• 5+ years of experience in Dev
  Ops or software development roles, with a strong focus on security;
• Experience with the Go programming language;
• Strong understanding of secure coding practices and common vulnerabilities (e. g. , OWASP Top 10);
• Experience with infrastructure as code tools, particularly Terraform;
• Hands-on experience with CI/CD tools (e. g. , Jenkins, Git
  Hub, Bit
  Bucket);
• Knowledge of container technologies (Docker, Kubernetes) and associated security practices;
• Experience with cloud platforms, particularly GCP and AWS;
• Experience with secrets management tools (e. g. , Hashi
  Corp Vault, AWS Secrets Manager, GCP Secret Manager);
• Understanding of identity and access management (IAM) concepts and service account management;
• Experience with security testing tools and practices (SAST, DAST, SCA).

Preferred Qualifications:

• Relevant certifications (e. g. , CSSLP, AWS Certified Dev
  Ops Engineer, Google Cloud Professional Dev
  Ops Engineer);
• Knowledge of compliance requirements related to application security (e. g. , PCI DSS, ISO27001).

What we offer:

• Professional development and monitoring talent;
• Commitment to our employees' development;
• Collaboration in a company that is constantly growing and evolving;
• Strong organisational culture: collaboration, sharing, flexibility, integrity and low ego.

Would you like to join our team? Then send your CV.