About The Role
You will work closely with other departments, such as SRE, following a security-first methodology known as SecDevOps. Your goal is to move beyond traditional "gatekeeping" to build a frictionless, automated security environment. Your primary mission is to engineer the guardrails that allow development teams to innovate at speed while ensuring the platform remains secure by design through a "shift-left" approach. You will not just identify risks; you will architect the automation that detects and mitigates them, ensuring digital defenses remain agile and responsive to evolving threats.
How You Embrace Curiosity Daily
- CI/CD Pipeline Security: Lead the implementation and maintenance of automated security controls (SAST, SCA, IaC scanning) within the build pipeline to identify vulnerabilities early in the software development lifecycle.
- Vulnerability Management Operations: Oversee the daily operational triage of security findings. You will focus on reducing noise by tuning scanners, filtering false positives, and routing valid issues to the appropriate engineering backlogs.
- Platform Hardening & Defense: Execute targeted remediation campaigns to address infrastructure risks (e.g., cloud storage configurations, IAM privileges, container security) and maintain perimeter defenses (AWS WAF, Shield).
- Engineering Enablement: Act as the primary technical consultant for development teams. You will troubleshoot security-related build failures and provide "secure-by-default" infrastructure templates to streamline secure development.
- Security Automation: Develop custom scripts and automation workflows to detect vulnerable components across repositories and integrate disparate security tools into a cohesive ecosystem.
- Remediation Verification: Close the loop on security risks by validating that deployed fixes effectively resolve identified vulnerabilities.
- You reduce noise for our engineers by tuning scanners and filtering out false positives
- You act as the go-to technical consultant for teams looking to build more secure products
- You drive remediation campaigns that strengthen our perimeter defenses like AWS WAF and Shield
- You ensure our digital defenses stay agile and ready for any evolving threats
- You take ownership of the vulnerability lifecycle from initial discovery to the final fix
- You help foster a culture where every engineer feels empowered to prioritize security
- Professional Background: A strong foundation in DevOps or Platform Engineering with a demonstrated specialization in security.
- AWS Security Portfolio: In-depth, hands-on experience with the AWS Security ecosystem is a must. You should be proficient in deploying, tuning, and operationalizing services such as GuardDuty, Security Hub, Inspector, AWS WAF, Shield, and IAM Access Analyzer.
- Scripting & Automation: Proficiency in scripting languages is essential for building custom tooling and gluing systems together. You must be capable of writing robust code in languages such as Python and Bash.
- Technical Proficiency: Extensive experience with CI/CD workflows and Infrastructure as Code (IaC) tools such as Terraform.
- Automation Mindset: A proactive approach to problem-solving where you prioritize scripting and automation over manual verification.
- Operational Excellence: Proven experience in triaging security findings, managing vulnerability lifecycles, and driving remediation efforts.
- Collaborative Communication: The ability to articulate complex technical security issues to developers and act as a supportive partner in resolving them.
- Familiarity with container orchestration security (Kubernetes/EKS).
- Familiarity with using (agentic) AI to enhance good security practices.
- Experience managing bug bounty programs and triaging external vulnerability reports.
- Experience contributing to security awareness training programs for developers.
At Storio Group, we help people hold onto life's moments. We make personalised photo products that turn fleeting memories into things you can keep, share, and re-live.
Every person at Storio Group helps create our products and shape our company. You will see the impact of your work daily. We invite you to make your mark on our business, products, and customers' lives.
We act with heart by putting people first and valuing diverse perspectives. We give our best and aim for high standards in all we do. We own our work, taking initiative to find solutions. We embrace curiosity, always learning and trying new things. We find the joy in our work and create a positive environment.
Equal Opportunities & Right to Work
Storio Group is an equal opportunity employer, celebrating diversity and fostering an inclusive environment. If you require reasonable adjustments during interviews, please contact our HR team.
Applicants must also have the legal right to work in the position's country without requiring sponsorship.

