Application Security, DevSecOps Specialist

Job not on LinkedIn

3 days ago

Apply Now

Receive Emails with Similar Jobs

NTT DATA Romania

WebsiteLinkedInAll Job Openings

Technology • Cybersecurity • Consulting

NTT DATA Romania is a technology and consulting company that provides a wide range of services including business analytics, agile transformation, cloud computing, cybersecurity, data consultancy, and IT service management. They are dedicated to helping organizations optimize their operations and navigate digital transformation through innovative technological solutions.

1001 - 5000 employees

🔒 Cybersecurity

📋 Description

• Incorporate security controls and standards into all phases of the software development lifecycle (SDLC). • Collaborate with developers to adopt secure coding practices, including OWASP compliance. • Conduct threat modeling and evaluate design documents to identify security vulnerabilities. • Establish security requirements and acceptance criteria for application development projects. • Design and implement security automation within CI/CD workflows using tools for SAST, DAST, IAST, SCA and compliance monitoring. • Develop custom security testing frameworks compatible with agile and DevSecOps models. • Conduct infrastructure-as-code (IaC) configuration checks and enforce compliance policies. • Automate secrets scanning, credential hygiene practices, and dependency vulnerability reviews. • Execute static (SAST) and dynamic (DAST) application security assessments. • Perform manual penetration testing and secure code reviews to detect risks. • Analyze application dependencies and third-party components, ensuring vulnerability remediation. • Validate security fixes via rigorous regression testing and secure deployment methods. • Prepare training initiatives for developers on secure coding practices, application security principles, and DevSecOps workflows. • Create and disseminate security documentation, guidelines, and playbooks for developers and architects. • Mentor engineers to adopt security-first product development and incident prevention strategies. • Establish and support developer security champion programmes within agile teams. • Implement robust security controls for containerized workloads in Docker, Kubernetes, and similar platforms. • Design and secure API endpoints and microservices architectures. • Leverage cloud security services on AWS, Azure, or GCP to deliver secure, scalable solutions. • Advocate for best practices in secret management, repository vaulting, and cloud-native application monitoring.

🎯 Requirements

• Bachelor’s degree in Cybersecurity, Computer Science, Software Engineering, or equivalent experience. • Minimum 3-5 years of experience in application security engineering. • Familiarity with implementing container security policies and securing high-performance CI/CD development ecosystems. • Proficiency in multiple programming languages (e.g., Java, Python, JavaScript, Go, .NET). • Extensive experience deploying application security tools like SonarQube, Checkmarx, Veracode, OWASP ZAP. • Expertise in CI/CD tools and platforms (e.g., Jenkins, GitHub Actions, Azure DevOps). • Solid understanding of container orchestration technologies (e.g., Kubernetes, Docker). • Familiarity with cloud platforms (AWS, Azure, GCP) and IaC assessment tools (Terraform, CloudFormation). • Advanced knowledge of the OWASP Top 10 vulnerabilities, secure coding techniques, and cryptographic best practices. • Proficiency in API security testing and securing microservices. • Hands-on involvement in framework-based security compliance efforts (ISO 27001, GDPR, SOC 2). • Exceptional collaboration and communication abilities when interfacing with software teams. • Strong problem-solving mindset to balance security priorities in fast-paced DevOps environments. • Capable of delivering security-focused workshops and team mentoring. • Must meet UK SC Clearance eligibility guidelines. • Preferred certifications include CSSLP, GWEB, or a Certified DevSecOps Engineer qualification. • AWS / Azure / GCP Security specialization certifications are advantageous. • Excellent command of both spoken and written English.

🏖️ Benefits

• New beginnings can be a challenge. We promise a smooth integration and a supportive mentor • Pick your working style: choose from Remote, Hybrid or Office work opportunities • Early bird or night owl? Our projects have different working hours to suit your needs • Nobody is born an expert. Sharpen your tech skills with our sponsored certifications, trainings and top e-learning platforms • We want you to stay healthy! Enjoy our Private Health Insurance ⁠– it’s custom-made for you • A clear mind is a healthy mind. Attend individual coaching sessions or go one step further by joining our accredited Coaching School • Make the most of our epic parties or themed events – they’re lovingly designed for our people and their families