DevSecOps Engineer

As a Secure Supply Chain Software Engineer, you will be working for one of the most prestigious investment banks in the world. You will help design, build, and integrate security systems that protect applications across backend, frontend, infrastructure, and mobile environments. By leveraging third-party tools and in-house solutions, you will enhance the detection of vulnerabilities in libraries, OS components, and containers. Collaborating with development and infrastructure teams, you will embed security into workflows, ensuring the highest standards for secure software delivery.

Your main responsibilities:

• Build and design systems to secure the entire software supply chain
• Develop and integrate tools for detecting third-party vulnerabilities in dependencies and infrastructure
• Integrate security solutions with GitLab, CI/CD pipelines, and build attestation systems
• Partner with infrastructure and security teams to align security practices with development workflows
• Collaborate with developers to seamlessly embed security measures in their processes
• Ensure compliance with best practices in DevOps and secure development lifecycle (SDLC)
• Optimize performance, availability, and scalability of security systems
• Automate security monitoring and threat detection across distributed systems
• Improve software integrity through container security, infrastructure-as-code, and policy enforcement
• Contribute to incident response processes by analyzing and mitigating security risks

You're ideal for this role if you have:

• 3+ years of industry experience as a programmer, developer, SWE, or similar roles.
• Expertise in at least one programming language: Golang, Java, or Python
• Knowledge of Linux, Docker, Kubernetes, Terraform, and AWS
• Experience with DevOps and Infrastructure as Code (IAC) principles
• Understanding of networking protocols such as TCP, UDP, ICMP, DNS, TLS, and HTTP
• Experience securing CI/CD pipelines and integrating security tooling
• Familiarity with large-scale distributed systems and their security challenges
• Strong problem-solving skills and ability to work in a global organization
• Excellent communication skills, both written and verbal
• Highly motivated with a proactive approach to improving security processes

Nice to have:

• Experience with Kafka or similar event streaming platforms
• Knowledge of relational databases
• SRE best practices experience