DevSecOps Engineer

Lisboa, Lisboa, PT

Shield

SHIELD is the first line of defense against fraud, empowering businesses to build trust and drive growth with persistent device fingerprinting and intelligence.

Description

We are seeking a DevSecOps Engineer with a strong technical backbone and a passion for secure, scalable engineering. This role will serve as the bridge between Security, DevOps, and Engineering—owning the strategy and execution of embedding security controls and automation throughout our AWS-native cloud ecosystem.

You will be responsible for building a resilient and secure SSDLC by integrating cutting-edge security tooling across the CI/CD pipeline, enabling “shift-left” enforcement from the earliest stages of code development. This includes embedding controls for SAST, DAST, SCA, and IaC security scanning, ensuring that every code commit, container build, and infrastructure deployment aligns with best-in-class security standards.

Your focus will extend to full-lifecycle management of base images, container runtimes, and open-source package dependencies, with a structured cadence to track, assess, and upgrade components like Debian-based images, Kubernetes versions, and language-specific libraries (e.g., pip, npm, Maven). You'll lead the technical mapping of CVEs and their impact across heterogeneous environments—including production, staging, customer-specific topologies, and multi-region AWS deployments.

You'll partner closely with the CISO, GRC, and Cybersecurity leaders to define and implement hardening standards, encryption-at-rest and in-transit policies (e.g., AWS KMS, S3/Bucket security), and establish secure Infrastructure-as-Code (IaC) patterns. Your work will be key in standardizing our IaC practices, enforcing secure-by-default templates, and ensuring deterministic, auditable provisioning across all environments.

If you're excited by threat modeling cloud-native systems, automating security gates at scale, and continuously raising the bar for infrastructure and application security, this is your opportunity to lead and shape the DevSecOps domain at an enterprise level.

Key Responsibilities:

  • Security Integration Across SDLC:

Embed security across CI/CD pipelines by integrating various security tool categories, including SAST, DAST, SCA, and IaC security scanning.

Design and manage pipelines to enforce continuous and automated security validation.

  • Base Image & Dependency Lifecycle Management:

Establish and govern a structured cadence for updating and maintaining base images (e.g., Debian, Kubernetes distributions) and open-source packages. Maintain visibility over lifecycle status and vulnerability exposure.

  • Open Source & Vulnerability Risk Ownership:

Lead the mapping and continuous tracking of open-source software usage. Serve as the technical authority for understanding CVEs, their severity, exploitability, and the downstream impact based on deployment topology.

  • Impact-Driven Vulnerability Analysis:

Perform in-depth vulnerability impact assessments that consider runtime architecture, customer-specific deployments, and functional exposure. Guide the prioritization of remediations accordingly.

  • IaC Security & Infrastructure Hardening:

Ensure all AWS infrastructure provisioned via IaC (e.g., Terraform, CloudFormation) follows strict security best practices. Embed controls to scan, validate, and enforce secure configurations during code review and deployment.

  • Shift-Left Security Enablement:

Promote early-stage security involvement in development cycles. Work closely with engineering teams to ensure secure design principles, dependency awareness, and environment-aware vulnerability handling are considered early.

  • Security Standards Alignment:

Partner with the CISO, GRC, and Cyber teams to ensure alignment on:

AWS data protection policies (e.g., encryption of data at rest/in transit), bucket and storage security, IAM role governance, and secure deployment patterns.

  • Technical Leadership & Enablement:

Create guidance, playbooks, and best-practice documentation for developers, DevOps, and engineering teams. Conduct knowledge-sharing sessions to strengthen internal DevSecOps maturity.

Requirements

Required Qualifications:

  • 5+ years of experience in DevSecOps, Security Engineering, or Infrastructure Security roles.
  • In-depth knowledge of security tool types (SAST, DAST, SCA, IaC scanning) and their application across CI/CD pipelines.
  • Strong understanding of IaC best practices, AWS security architecture, and cloud-native infrastructure patterns.
  • Proven experience assessing and remediating vulnerabilities in complex, multi-environment deployments.
  • Solid background in managing third-party packages and base images across cloud-native stacks.
  • Demonstrated ability to lead security integration initiatives and collaborate cross-functionally with Security, DevOps, and R&D.

Tags: Application security Automation AWS CI/CD CISO Cloud DAST Debian DevOps DevSecOps Encryption Governance IAM Kubernetes Maven Open Source R&D S3 SAST SDLC SSDLC Strategy Terraform Vulnerabilities

Region: Europe
Country: Portugal
