Employment Opportunities

Senior SecDevOps analyst-developer

Ref.: 1033

Experience: 3-5 years
Country: Spain
City:  Madrid - Tres Cantos

Description

We at GMV are looking for an IT security specialist with at least 4 years’ experience in code analysis and SecDevOps environment. The successful candidate will lead a team of SecDevOps specialists. This team is in charge of driving the implementation of a cybersecurity control system in the software lifecycle and subsequent service operation. The main tasks are:

  • Leading cybersecurity integration and design tasks as part of the lifecycle of the software development.
  • Follow up work-team tasks.
  • Client liaison.
  • Collaborating with the client to define the best way of optimizing their process security during the lifecycle of the developed software.
  • Static Application Security Testing (SAST) and checking for code vulnerabilities with various automatic tools.
  • Dynamic Application Security Testing (DAST) and checking for vulnerabilities with various automatic tools.
  • Process automation.
  • Technical liaison with automation-related organizations, CI/CD and SecDevOps.
  • Providing vulnerability-correction support and consultancy for developer teams.
  • Application security vulnerability management.
  • Creation of automation tools and scripts that allow developers to phase in the security analysis services and integrate them into the agile development methodologies.
  • Automatic deployment of applications and infrastructure using containers.

Requirements

- Qualification: Electronics, IT engineering or similar
- Level of English: High
- Technical knowledge:  

  • Vulnerability management (OWASP, CWE)
  • Backend development (Python, Java, C++, JS...)
  • SecDevOps methodology
  • CI/CD continuous integration environments
  • Code repositories (Git,SVN…)
  • Orchestration tools (Jenkins, Bamboo)
  • SAST tools (Checkmarx, Kiuwan, Veracode, Fortify)
  • DAST tools (APPScan, APPSpider)
  • Operating systems (Linux, Windows)
  • Use of containers (Docker, Kubernetes)

- Desirable knowledge:

  • Certifications (CEH, CISSP, DSOE, DevOps Foundation)
  • Database management (SQL Server, MySQL)
  • Task management tools (Jira, Redmine, Taiga)

 

Related vacancies