DevSecOps Software Engineer
Lisbon
Emma
Enjoy your best sleep ever with Emma's award-winning, ergonomically designed mattress and bed essentials. Free delivery & returns. Shop now!We are Emma – The Sleep Company. Created in 2013, we are now the world's largest D2C sleep brand, available in over 30 countries and recommended by many consumer associations in EMEA, APAC, and the Americas. We're pushing the boundaries of technology to transform the world of sleep and we want your help to pull it off. We're a highly ambitious, hard-working team that pushes you to produce your best work yet. We focus on how we approach problems, we chase growth, and set ambitious goals. Want your ideas to have an impact and your career to grow? Then Emma is the right place for you.
What you'll do:
- You will architect, design and implement Emma’s technology platform, supporting our ambitious business growth.
- You will improve the existing cloud-based (AWS) CI/CD enabling a seamless and secure software development experience that empowers tech product teams to autonomously deliver working increments of software and self-operate them (‘you build it – you run it’ approach).
- You will implement infrastructure tasks abstraction for software developers in Infrastructure-as-Code fashion using Pulumi.
- You will implement comprehensive infrastructure and application monitoring/logging, error detection and countermeasure automation.
- You will drive continuous and secure delivery practices (deployment automation, trunk-based development, test automation, test data management, ....
- You will fully own, i.e. develop, maintain and operate (full DevOps) your team’s tech stack.
- You will be a team player as part of an agile, empowered team and contribute to the development of fellow software engineers.
- You will ensure that information security is integrated into all aspects of the software development lifecycle, including but not limited to: o Active scanning for bad coding practices, e.g. credential spilling to code repositoryo Integration of code quality analysis in CI/CD processes (i.e. automated scanning for ‘code smells’)o Tracking and enforcing application of relevant standards, such as OWASP top 10o Frequent monitoring of relevant security bulletin / notifications (i.e. CVE scanning)o Checking and updating of used 3rd party dependencies (immediate after CVE severity 7 and higher reports)o Security monitoring, detection, and responseo Regular performance of internal and/or external Information-Security checks (e.g. security audits, vulnerability/bug bounties, penetration testing, game days, ...)o Planning & testing of crisis reaction practices in case of cyber-attack incidents
What we are looking for:
- You have experience designing and implementing security controls for cloud infrastructure
- You stay current with industry trends and new technologies to improve security processes and procedures continuously.
- You have participated in incident response and post-incident (post mortem) review processes.
- You have experience developing and maintaining security documentation and policies.
- You have several years of proven experience in software and infrastructure operations and incident management (24/7), ideally in an E-commerce business.
- You have a deep understanding of DevOps and SRE practices.
- You have experience in CI/CD (GitHub, or similar) solutions and cloud infrastructure virtualization with Kubernetes & Docker.
- You have experience with Infrastructure as Code (Pulumi, Terraform or similar).
- You have good experience in infrastructure automation coding using scripting (Shell, Python or equivalent).
- You have good experience with Linux-based servers. (EC2, Beanstalk, Kubernetes).
- You have good experience with public clouds, ideally AWS (network, firewall, databases, etc.).
- You have good understanding of ISO/OSI networking protocols (TCP/IP, DNS, HTTP, etc.).
- You have experience working with encryption and/or cryptography technologies such as TLS, HTTPS, etc.
- You have an extensive experience in Pentesting and/ or incident response.
This is what we offer:
- A combination of personal and company growth to accelerate your career and help you reach your goals.
- The chance to work on exciting and challenging projects either independently or as part of a dedicated, international team.
- A big focus on Team building (e.g., hosting face-to-face events, virtual book clubs, virtual hangouts etc.)
- Responsibility and decision-making authority from day one—you'll create an impact with new, innovative ideas and help shape our company DNA.
- To work and learn from experts in diverse fields and get to know your team members at exciting company events.
Emma is transforming the world of sleep - and we want the highest-performing people to help us pull it off. We want you. But only if you're willing to go all in. Only if you're willing to question, disrupt, innovate, and create from the ground up.
We proudly celebrate diversity. We are an equal-opportunity employer committed to promoting inclusion in our workplace. We consider all qualified applicants for employment without regard to race, ethnic origin, religion or belief, gender, gender identity or expression, sexual orientation, national origin, disability, or age.
Our aim is to get back to you in a couple of days, however, we are currently receiving a large number of applications and this might lead to a delay in the process. We will get back to you as soon as possible!
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Agile Audits Automation AWS CI/CD Cloud Cryptography DevOps DevSecOps DNS Docker EC2 E-commerce Encryption Firewalls GitHub Incident response Kubernetes Linux Monitoring OWASP Pentesting Python Scripting SDLC TCP/IP Terraform TLS
Perks/benefits: Career development Team events
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Ethical hacker / Pentester H/F jobs
- Open Information Security Specialist jobs
- Open Senior Cyber Security Engineer jobs
- Open Principal Security Engineer jobs
- Open Product Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Manager Pentest H/F jobs
- Open Cyber Security Specialist jobs
- Open Staff Security Engineer jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Senior Information Security Analyst jobs
- Open Cybersecurity Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Chief Information Security Officer jobs
- Open IT Security Analyst jobs
- Open Cybersecurity Consultant jobs
- Open Consultant SOC / CERT H/F jobs
- Open Security Specialist jobs
- Open Senior Information Security Engineer jobs
- Open Senior Penetration Tester jobs
- Open Cybersecurity Specialist jobs
- Open Security Researcher jobs
- Open Senior Security Architect jobs
- Open Sr. Security Engineer jobs
- Open Security Operations Analyst jobs
- Open CISM-related jobs
- Open ISO 27001-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open Application security-related jobs
- Open Pentesting-related jobs
- Open Agile-related jobs
- Open Vulnerability management-related jobs
- Open GCP-related jobs
- Open SaaS-related jobs
- Open Analytics-related jobs
- Open CISA-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Java-related jobs
- Open Security assessment-related jobs
- Open Security Clearance-related jobs
- Open DevOps-related jobs
- Open Malware-related jobs
- Open IDS-related jobs
- Open EDR-related jobs
- Open CEH-related jobs
- Open Kubernetes-related jobs
- Open Forensics-related jobs