DevSecOps

DevSecOps

(f/m)

Located in Romania (Bucharest)

Looking for your next career challenge?

You’ve found it!

Come join us and take your career to the next REVELSI!

About the Company

REVELSI is a cybersecurity company structured on three main pillars - information security, infrastructure, and software development. Our top priority is safeguarding the fast-evolving global infrastructures and technologies. We integrate cybersecurity into infrastructure development and operational processes, alongside software development, to proactively stay at the leading edge of industry advancements.

About the Role

A DevSecOps Engineer is responsible for integrating security practices into the DevOps pipeline to ensure the continuous delivery of secure and reliable software applications. The role involves collaborating with development, operations, and security teams to implement security controls, automate security testing, and monitor the security posture of the software development lifecycle.

Responsibilities

• Security Integration: Work closely with development and operations teams to embed security practices and controls within the DevOps pipeline, ensuring security is considered from the initial design phase through deployment;
• Security Automation: Develop and maintain automation scripts, tools, and processes for security testing, vulnerability scanning, and code analysis;
• Automate security tests to identify vulnerabilities early in the development cycle;
• Continuous Monitoring: Implement and manage security monitoring and logging solutions to detect and respond to security threats and anomalies in real-time. Monitor application and infrastructure logs to identify potential security issues;
• Vulnerability Management: Identify, assess, and prioritize security vulnerabilities in applications and systems. Coordinate with development teams to ensure timely patching and mitigation of identified vulnerabilities;
• Security Review and Testing: Conduct security reviews of architecture designs, code changes, and infrastructure configurations. Perform security testing, such as static analysis, dynamic analysis, and penetration testing;
• Security Best Practices: Provide guidance to development and operations teams on security best practices, secure coding techniques, and compliance with relevant security standards (e.g., OWASP, NIST, ISO);
• Incident Response: Collaborate with incident response teams to develop and maintain incident response plans. Participate in security incident response activities and contribute to post-incident analysis and improvement initiatives;
• Documentation: Maintain clear and comprehensive documentation of security procedures, configurations, and guidelines. Develop and update documentation to reflect changes in the security landscape;
• Collaboration: Foster a collaborative culture between development, operations, and security teams. Act as a bridge between different departments, ensuring effective communication and cooperation;
• Security Awareness: Organize security awareness training and workshops for development and operations teams to enhance their understanding of security risks and best practices;

Qualifications

Bachelor's degree in Computer Science, Information Security, or related field (or equivalent experience);

Required Skills

• Solid understanding of DevOps principles, CI/CD pipelines, and infrastructure-as-code (IaC) concepts;
• Proficiency in scripting and programming languages (e.g., Python, Bash, PowerShell, Ruby);
• Familiarity with cloud platforms (e.g., AWS, Azure, Google Cloud) and containerization technologies (e.g., Docker, Kubernetes);
• Strong knowledge of security principles, best practices, and common vulnerabilities (e.g., OWASP Top Ten);
• Experience with security tools such as static analysis tools, dynamic analysis tools, vulnerability scanners, and intrusion detection/prevention systems;
• Ability to work with various stakeholders to balance security requirements with business needs;
• Excellent communication skills and the ability to explain complex security issues to technical and non-technical audiences.

Work Schedule:

Monday to Friday: 13:00 - 22:00/ 15:00 - 00:00 (slightly flexible) - 1 hour lunch break Hybrid work

We Value Our Employees

At REVELSI, we focus on ensuring you a benefit package that will take care of your health, wealth and well-being.

• Private Healthcare at Regina Maria;
• Medical Assurance at Signal Iduna;
• Private dental services: exclusive benefits at Life Dental Spa clinics;
• Edenred meal tickets;
• Referral Bonus;
• Training and growth opportunities;
• Team buildings;
• Pizza day at the office and free drinks;
• Christmas/Easter gifts;
• 21 days of PTO per year, plus additional days based on seniority (up to 25 days).

Equal Opportunity Statement

REVELSI is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances.