- Portugal | Lisbon
- Full Time
As a DevSecOps engineer, you will be an important member of our team and help set and advance the security direction for the whole company.
What you’ll be doing:
- Evaluate, select, design, and configure security infrastructure systems in a global environment.
- Support and conduct internal audits, help mitigate findings and implement improvement measures.
- Identify, integrate, monitor, and improve infosec controls by understanding business processes.
- Work along with the DevOps Engineers enhancing the security direction for the organization.
- Troubleshoot security system and related issues.
- Assist with complex projects and ongoing support of security operations.
- Conduct network and system tests via simulation or other means to highlight and find any weaknesses that may be exploited.
- Assist in defining security requirements and review of system to determine if they have been designed to comply with established security standards. Develop new standards as necessary.
- Build and configure delivery environments supporting CD/CI tools using an Agile delivery methodology.
- Create scripts and/or templates to automate and/or bootstrap infrastructure provisioning and management tasks.
- A part of Agile development teams to deliver an end-to-end automation of deployment, monitoring, and infrastructure management in a cloud environment.
- Proven 5+ years of experience in application development (DevOps)
- Bachelor’s or master’s degree in Computer Science, Telecommunications or Information Security
- Has a passion for Security, Agile, and DevOps
- Experience in management and definition of security in the software development lifecycle (SDLC)
- Working knowledge of Waterfall, Agile and primarily DevOps development methodologies
- Experience in software development and SDLC in Java, Python, C#, etc
- Experience with Automation in testing or orchestration Selenium, Maven, Ant, Msbuild, Npm, Yarn, Jenkins, Team City, etc
- Experience conducting security checks (static and dynamic code analysis, vulnerability analysis in applications and penetration tests, security component analysis)
- Understanding of virtualization and container technologies (Docker, Kubernetes, OpenShift, …)
- Experience with OWASP Testing Guide v3 / 4 and OWASP TOP 1
- Experience in Web and/or Mobile applications and common vulnerabilities
- Excellent coordination and communication skills, business writing skills.
- English: Advanced
As a plus:
- Knowledge of security in micro-services
- Certifications from pentestingpen testing vendors (OSCP, CEH,…CEH,)
- At least 1 year of experience in Application Security Testing.
We design & build digital product experiences which delight. Windmill is a product delivery company dedicated to delivering impactful digital products and solutions that resolve modern challenges. Our clients range from start-ups to multinational banks and corporations. And we build our own products too as part of Windmill Ventures.
We’re a global operation headquartered in Switzerland, with employees based in the UK, USA, Portugal, Ukraine and India.
What we offer
- Flexibility to work from where, when, and how you like. As long as you meet the requirements of your role and are available for key meetings, the how is up to you
- Competitive compensation and benefits
- Working as part of a diverse, international team
- Interesting tasks and challenges, where you can be creative and take ownership
- Opportunities for career enhancement
- Regular reviews supported by our HR team aligned with promotional cycles
Equal Opportunities at Windmill:
Windmill Digital is an equal opportunities employer that strongly believes in workplace diversity. We consider all applicants regardless of their age, religion, ethnicity, sexual orientation or disability.
Think you’d be a good fit for the role? Send us your CV and have a chat with one of the team.
For more information, please visit our company website: https://www.windmill.digital.