DevSecOps / AppSec Information Security Engineer

DevSecOps Engineer

Ryanair Labs is the technology brand of Ryanair. Labs is a state of-the-art digital & IT innovation hub creating Europe's Leading Travel Experience for our customers. The Ryanair platform has over 1 billion visits per year. By joining Ryanair, you will develop cutting edge tech solutions inside Ryanair, transforming aviation for Pilots, Cabin Crew & Ground Ops, as well as driving the tech experience for our customers on Europe’s largest travel website!

Ryanair Labs has more than 550 employees across our offices in Dublin, Madrid, Poland, and Portugal. Our plan is to continue to grow our IT Labs Team so we are always on the lookout for the best talent. Apply today for more information.

The Role

We are looking for an Information Security Engineer, comfortable in working with minimal supervision. Will perform security architecture reviews of new and existing platforms. Partner with business units, departments providing input on security standard methodologies throughout project-lifecycles. Contribute to the Security program by performing reviews and security audits. Talk confidently about our Cyber Security program, and help integrate our business needs with our Cyber Security needs. The SecDevOps Engineer provides operational & security expertise in executing technology strategies implementing secure software development measures into CI/CD pipelines and collaborating with dev teams to apply a shift-left security strategy in the development lifecycle.

Responsibilities:

• Contributing features to internally developed Cybersecurity tools and integrating those tools into the DevOps pipelines
• Oversee development lifecycles and analyze security information related
• Driving continuous improvement to the DevOps pipelines and processes and the Cybersecurity tools, services, and processes
• Performing technology research from a security context for strategic, tactical, and operational business needs and deliver research results to internal stakeholders
• Research appropriate security testing tools
• Whitebox code review of these products, applications, and integrations where appropriate
• Blackbox review of products, applications, and integrations where appropriate
• Aligns security deliverables with legal, regulatory and contractual requirements that conform with security framework and standards such as NIST SP 800-53 rev 4, ISO/IEC 27000 series, OWASP Top 10, SANS Top 20, CIS Top 20.

Requirements

• Experience working with Cloud in a security-enabled environment
• Strong experience with AWS is required
• Proven ability to work independently, collaboratively as part of a global team and deliver to multiple deployment schedules
• Proven experience with Web Application Security Testing, Code Reviews, Vulnerability Assessment, Penetration Testing & Generating Reports
• Experience with (NIST, PCI) security controls, governance & risk management protocols
• Relevant experience with application security, secure software development, and building security into software development workstreams
• Demonstrated proficiency in preparing high-quality documentation and presentation skills

Benefits

• A competitive but flexible career plan.
• We offer a relocation package to people who are coming from another country.
• Travel discounts (of course!).

• Hybrid remote work model (3 remote/ 2 office).