Empresa:

QUANTEAM - Portugal (RAINBOW PARTNERS Group)

Descrição da Função

Who are we?

As the founding entity of RAINBOW PARTNERS, Quanteam is a consulting firm specializing in the fields of Banking, Finance, and Financial Services. Guided by our core values of closeness, teamwork, diversity, and excellence, our team of 980 expert consultants, representing 35 different nationalities, collaborates across 10 international offices: Paris, Lyon, New York, Montreal, London, Brussels, Geneva, Lisbon, Porto and Casablanca. Committed to sustainability (Ecovadis Gold), diversity (gender index: 92%), and quality of work life (Best Workplace Experience), Quanteam is a forward-thinking enterprise.

Our Expertise

With a dual expertise in both business and IT, Quanteam supports its corporate clients (investment banks, asset management companies, private and retail banks, custodians, etc.) across the entire Front-to-Back spectrum in evolving their business activities and transformation projects.

Our teams are organized into 5 expertise areas:

Quantitative Finance

Risk, Compliance, and Regulatory

Operations and Finance

Transformation and Organization

Information Systems

In 2023, Quanteam generated a revenue of €74.6 million.

We are looking for a Senior DevSecOps Engineer

MAIN TASKS:

As a Senior DevSecOps Engineer, you will play a critical role in integrating security practices within the DevOps lifecycle. You will work closely with development, operations, and security teams to ensure our systems and applications are designed and maintained with the highest security standards. Your main responsibilities will include:

• Design, implement, and maintain secure CI/CD pipelines.
• Integrate security tools (SAST, DAST, dependency scanning) into development workflows.
• Monitor and assess vulnerabilities across applications and infrastructure.
• Automate security controls, governance processes, and compliance validation.
• Collaborate with development teams to promote secure coding practices.
• Support incident response and forensics in case of security breaches.
• Evaluate and recommend security tools and practices.
• Ensure compliance with relevant regulatory and security standards (e.g., GDPR, ISO, NIST).

YOUR PROFILE AND SKILLS:

• Experience: Minimum of 5 years in DevOps or Cloud Engineering, with at least 2 years focused on DevSecOps or application security.
• Security Knowledge: Strong understanding of secure SDLC, threat modeling, and vulnerability management.

Tools & Technologies:

• Proficiency with CI/CD platforms (e.g., GitLab CI, Jenkins, Azure DevOps).
• Experience with security tools (e.g., SonarQube, OWASP ZAP, Snyk, Fortify, Aqua, etc.).
• Container security expertise (Docker, Kubernetes, Helm).
• Infrastructure as Code (IaC) using tools like Terraform, Ansible, or CloudFormation.

Cloud Platforms: Hands-on experience with AWS, Azure, or GCP.

Scripting & Automation: Strong skills in Bash, Python, or similar scripting languages.

Soft Skills:

• Excellent problem-solving and analytical skills.
• Strong communication skills and ability to work in cross-functional teams.
• Autonomous and proactive mindset with attention to detail.

Nice to Have:

• Certifications such as AWS Certified Security - Specialty, GIAC DevSecOps, or Certified DevSecOps Professional.
• Experience with compliance frameworks (SOC2, PCI-DSS, ISO 27001).

• Languages: English (C1 level required), French is a plus
• Hybrid role based in Porto.

If you feel this opportunity is for you, send your CV and join our team!

Observações

Porto (Portugal)