Devsecops/secdevops

**DevSecOps/SecDevOps**:

- Lisboa - Published on October 17, 2024Description

Noesis is looking for professionals whith the following profile:
**Main Tasks and Responsibilities**:
**Typical work-day**:

- Do you love solving complex technical issues and interacting with people?
- Interact with the sec champions guild to gather feedback in order to improve the AppSec processes;
- Develop and enforce secure coding practices for the different development teams;
- Collaborate with development teams to ensure secure software development lifecycle - SDLC - practices are followed;
- Provide guidance on security assessments and code reviews to identify vulnerabilities;
- Conduct threat modelling exercises;
- Stay up-to-date with the latest security trends and technologies;
- Validate AppSec pipeline adoption and remove blockers for widespread adoption;
- Review app lifecycle and validate it’s security posture

**What we are looking for**:

- Developer at heart, not just a sec person;
- Need to speak and breath dev sec;
- Think Sec, Dev and Ops at scale and automated;
- Able to manage a team of hackers and at the same time, be a team player and a great communicator;
- Must be able to help teams to identify, and manage a guild of sec. champions (developer advocates);
- Responsible and accountable to interact with the identified champions to evangelize and promote App sec best practices within the different teams.

**Requirements**:

- Min. 4 years of experience in DevSecOps/SecDevOps;
- Familiarity with common security libraries, security controls, and common software vulnerabilities;
- Familiarity with SSDLC and CI/CD best practices;
- Experience with security testing tools and methodologies;
- Familiarity with cloud environments (AWS, Azure, GCP) and 0 trust architecture;
- Tools and tech stack : terraform / IaC, github / Gitlab, docker, 0 trust, pipelining, trivvy / anchore, cloud native architectures, python, node;
- Familiarity with industry compliance and security standards including, NIST CSF, NIST SP800-53, QNRCS, NIS 2.0, OWASP, CIS Controls, Mitre Attack and ISO 27000 series;
- Excellent problem - solving skills and attention to detail;
- Strong communication and interpersonal skills;
- Shift - left ambassador;
- Pivotal between Cloud & Devops, SoC, GRC and delivery areas;
- Foster AppSec culture and awareness;
- English mandatory.

**Work regime**:Hybrid, Lisbon or Porto

**Join us. Let’s innovate together**

**Details**
CATEGORY
Computing and telecommunications
SUBCATEGORY
Hardware, networks and security
SECTOR
Programming, consulting and other computing activities
WORKDAY
Full Time
PROFESSIONAL LEVEL
Specialist
DEPARTAMENT
Computing