DevSecOps (Lisbon / Porto - Hybrid)

We're fast
learners, hard workers, natural collaborators... and we Make Modern Happen!

Our
ambition is to unlock the potential of our digital world so that organisations
everywhere can innovate and thrive securely. We aim to achieve this goal by
bringing together the world’s most talented people and the most powerful
technologies, combining them to address our customers' challenges and to build
something stronger together.

If you
share our vision, join us!

Right now,
we are looking for a DevSecOps for a client on our Talent Team.

Your
responsibilities include:

•  Integrate security controls into
  CI/CD pipelines.
  
• Automate vulnerability analysis
  processes and security testing throughout the development lifecycle.
  
• Implement SAST, DAST, SCA, and
  container scanning tools.
  
• Collaborate with development teams
  to ensure the adoption of secure coding best practices.
  
• Define and implement security
  policies in Infrastructure as Code (IaC).
  
• Monitor vulnerabilities in
  dependencies, libraries, and container images.
  
• Support the design of secure
  architectures for cloud applications and microservices.
  
• Implement secrets and credentials
  management mechanisms.
  
• Contribute to the automation of
  compliance and security checks in delivery processes.
  
• Collaborate with security teams in
  the response and mitigation of identified vulnerabilities.
  

You must
have:

• Experience in DevOps, DevSecOps, or application
  security.
  
• Knowledge of CI/CD pipelines (e.g., Jenkins, GitLab
  CI/CD, GitHub Actions, Azure DevOps).
  
• Experience with Infrastructure as Code (e.g.,
  Terraform, ARM, CloudFormation).
  
• Knowledge of containers and orchestration (Docker,
  Kubernetes).
  
• Experience with Kubernetes security;
  
• Knowledge of OWASP Top 10 and secure coding practices
  
• Experience with secrets management (e.g., Vault, Azure
  Key Vault, AWS Secrets Manager)
  
• Experience with security monitoring and observability.
  

We Value:

• SAST (e.g., SonarQube, Checkmarx,
  Fortify)
  
• DAST
  
• SCA
  
• Container security scanning
  
• Knowledge of cloud platforms (Azure,
  AWS, or GCP)
  
• Experience in vulnerability
  management and application security
  

We offer:

• Integration into a dynamic and
  motivated team for the performance of the role.
  
• Additional training.
  
• Salary package according to the
  role performed.
  
• Professional development.
  

Workplace: Lisbon - Hybrid

Claranet, Make modern happen!