Devsec Ops engineer
- Team
IT
- Contract type
Vast
- Niveau
Medior (2 - 7y)
Our Offer
Keytrade Bank is a young bank, where all IT systems traditionally were developed in house. Currently Keytrade Bank is moving to a model where we focus on customer experience and innovative products, relying more on off-the-shelf products and services for the basic functionalities. We take this opportunity to refactor our systems following microservice architecture and Domain Driven Development.
Next to this technical transition, Keytrade Bank has moved towards a customised Agile organisation at all levels of the bank. The Product Factory (our delivery machine) contains autonomous Feature Teams, split by business domain instead of technology. Autonomous means, that each team has all the skills needed for its domain, IT as well as business. On top of that, each technology has its own chapter to share and manage the technical experience.
Working in a small bank - especially in autonomous teams - is very different than working in a big bank. Responsibilities are much bigger, knowledge broader. We have a very high growth rate and we are looking for motivated people willing to become part of our dynamic teams to help improve and transform its existing trading and banking system.
Your Role
We are seeking a highly motivated and Frontend JavaScript DevSecOps Engineer to join our dynamic team. In this role, you will be responsible for maintaining our frontend code repositories, integrating security practices into our Continuous Integration and Continuous Delivery (CI/CD) pipelines, ensuring the secure development and deployment of our applications. You will establish and maintain security gates, perform vulnerability assessments, generate comprehensive reports, and drive the resolution of identified security issues.
You are a team player, always ready to share and discuss ideas to improve the existing, and to find solution for new projects. Everyone is acknowledged for their role, and we need people with a strong sense of responsibility in our teams.
Your Responsibilities
CI/CD Pipeline Security:
- Design, implement, and maintain security controls and gates within our CI/CD pipelines in Gitlab.
- Integrate security tools and practices into the pipeline, including static application security testing (SAST), dynamic application security testing (DAST), dependency vulnerability management and container vulnerability management.
- Automate security testing and validation processes to ensure continuous security monitoring.
- Implement and manage secrets detection and management.
Vulnerability assessment and resolution:
- Conduct regular vulnerability assessments of applications and infrastructure using automated and manual techniques.
- Analyze and prioritize vulnerability findings based on risk and impact.
- Proactively resolve or collaborate with other development and operations teams to remediate and resolve identified vulnerabilities.
- Evaluate and implement new security tools and technologies to enhance our security posture.
- Contribute to the development of security best practices and standards.
Security Reporting and Monitoring:
- Develop and maintain comprehensive security dashboards and reports to track key security metrics.
- Generate regular reports on security posture, vulnerabilities, and remediation efforts.
Coordination:
- Collaborate with development, operations, and security teams to ensure security is integrated throughout the software development lifecycle (SDLC).
- Provide security training and guidance to development teams.
- Drive and contribute to the development and growth of a DevSecOps chapter within the organization.
Your Profile and Skills
- Proven experience (3-5 years) in Frontend Javascript DevSecOps or a similar engineering role.
- Strong understanding of CI/CD pipelines and security best practices (preferred working experience with Gitlab).
- Experience with security testing tools (SAST, DAST, Container scanning, Dependency scanning)
- Proficiency in scripting languages (e.g., Python, Bash, PowerShell).
- Proficiency in developing Javascript applications (NodeJS, React, TypeScript).
- Experience with cloud platforms (AWS, Azure, GCP).
- Familiarity with containerization and orchestration technologies (Docker, Kubernetes).
- Knowledge of security frameworks and standards (e.g., OWASP, NIST).
- Excellent communication and collaboration skills.
What we have to offer
- Keytrade Bank is a young and dynamic organization with a lean structure, that evolves in an Agile ecosystem. The tempo and the atmosphere are upbeat and no day goes by without an element of fun!
- The company works in an agile setup with a lot of flexibility regarding remote work. This means that you will be guaranteed at least 50% homework with a high degree of flexibility.
- Offices are located in Watermael-Boitsfort in a peaceful, green surrounding.
- A competitive salary with extra-legal advantages such as meal vouchers, group insurance, health insurance and many others
- Continued education and access to trainings
- Stepping stone for a continued career within Keytrade Bank
- Open, inclusive culture and dynamic working environment