- You will architect, design and implement Emma's technology platform, supporting our ambitious business growth.
- You will improve the existing cloud-based (AWS) CI/CD enabling a seamless and secure software development experience that empowers tech product teams to autonomously deliver working increments of software and self-operate them (‘you build it - you run it' approach).
- You will implement infrastructure tasks abstraction for software developers in Infrastructure-as-Code fashion using Pulumi.
- You will implement comprehensive infrastructure and application monitoring/logging, error detection and countermeasure automation.
- You will drive continuous and secure delivery practices (deployment automation, trunk-based development, test automation, test data management, ....
- You will fully own, i.e. develop, maintain and operate (full DevOps) your team's tech stack.
- You will be a team player as part of an agile, empowered team and contribute to the development of fellow software engineers.
- You will ensure that information security is integrated into all aspects of the software development lifecycle, including but not limited to:
- You have experience designing and implementing security controls for cloud infrastructure
- You stay current with industry trends and new technologies to improve security processes and procedures continuously.
- You have participated in incident response and post-incident (post mortem) review processes.
- You have experience developing and maintaining security documentation and policies.
- You have several years of proven experience in software and infrastructure operations and incident management (24/7), ideally in an E-commerce business.
- You have a deep understanding of DevOps and SRE practices.
- You have experience in CI/CD (GitHub, or similar) solutions and cloud infrastructure virtualization with Kubernetes & Docker.
- You have experience with Infrastructure as Code (Pulumi, Terraform or similar).
- You have good experience in infrastructure automation coding using scripting (Shell, Python or equivalent).
- You have good experience with Linux-based servers. (EC2, Beanstalk, Kubernetes).
- You have good experience with public clouds, ideally AWS (network, firewall, databases, etc.).
- You have good understanding of ISO/OSI networking protocols (TCP/IP, DNS, HTTP, etc.).
- You have experience working with encryption and/or cryptography technologies such as TLS, HTTPS, etc.
- You have an extensive experience in Pentesting and/ or incident response.
- A combination of personal and company growth to accelerate your career and help you reach your goals.
- The chance to work on exciting and challenging projects either independently or as part of a dedicated, international team.
- A big focus on Team building (e.g., hosting face-to-face events, virtual book clubs, virtual hangouts etc.)
- Responsibility and decision-making authority from day one—you'll create an impact with new, innovative ideas and help shape our company DNA.
- To work and learn from experts in diverse fields and get to know your team members at exciting company events.
Company
Location
Lisbon - Portugal
Job type
Full-Time
Python Job Details
DevSecOps Software Engineer
You will architect, design and implement Emma's technology platform, supporting our ambitious business growth. You will improve the existing cloud-based (AWS) CI/CD enabling a seamless and secure software development experience that empowers tech product teams to autonomously deliver working increments of software and self-operate them (‘you build it - you run it' approach). You will implement infrastructure tasks abstraction for software developers in Infrastructure-as-Code fashion using Pulumi. You will implement comprehensive infrastructure and application monitoring/logging, error detection and countermeasure automation. You will drive continuous and secure delivery practices (deployment automation, trunk-based development, test automation, test data management, .... You will fully own, i.e. develop, maintain and operate (full DevOps) your team's tech stack. You will be a team player as part of an agile, empowered team and contribute to the development of fellow software engineers. You will ensure that information security is integrated into all aspects of the software development lifecycle, including but not limited to: o Active scanning for bad coding practices, e.g. credential spilling to code repository o Integration of code quality analysis in CI/CD processes (i.e. automated scanning for ‘code smells') o Tracking and enforcing application of relevant standards, such as OWASP top 10 o Frequent monitoring of relevant security bulletin / notifications (i.e. CVE scanning) o Checking and updating of used 3rd party dependencies (immediate after CVE severity 7 and higher reports) o Security monitoring, detection, and response o Regular performance of internal and/or external Information-Security checks (e.g. security audits, vulnerability/bug bounties, penetration testing, game days, ...) o Planning & testing of crisis reaction practices in case of cyber-attack incidentsWhat you'll do:
o Active scanning for bad coding practices, e.g. credential spilling to code repository
o Integration of code quality analysis in CI/CD processes (i.e. automated scanning for ‘code smells')
o Tracking and enforcing application of relevant standards, such as OWASP top 10
o Frequent monitoring of relevant security bulletin / notifications (i.e. CVE scanning)
o Checking and updating of used 3rd party dependencies (immediate after CVE severity 7 and higher reports)
o Security monitoring, detection, and response
o Regular performance of internal and/or external Information-Security checks (e.g. security audits, vulnerability/bug bounties, penetration testing, game days, ...)
o Planning & testing of crisis reaction practices in case of cyber-attack incidents
What we are looking for:
This is what we offer:
More Developer Job Boards
Fullstack Developer Jobs Golang Jobs JavaScript Jobs Python Jobs React Jobs Rust Jobs Java Jobs