DevSecOps (Security) - BPCE-SI (Porto/Lisboa)

Company Description

Natixis in Portugal is a Centre of Expertise whose mission is to transform traditional banking by developing innovative solutions for the business, operations and work culture of Groupe BPCE worldwide. 

As part of Groupe BPCE’s international division, Natixis in Portugal designs and delivers solutions for its two core areas — Corporate & Investment Banking and Asset & Wealth Management — as well as transversal services that support all entities across the Group. 

With more than 3,000 employees representing 46 nationalities, the teams work across Information Technology, Banking Support Activities, and Compliance, in an integrated, inclusive, and cross-functional way, supporting all business lines and platforms of the Group.  

A disruptive mindset and a culture of proximity and agility identify Natixis in Portugal Team and reflect the company's mission to transform traditional banking at a global scale: a perfect match in the Portuguese dynamics and entrepreneurial ecosystem.

Job Description

We are seeking a skilled DevSecOps Engineer to join our Security team at BPCE. In this role, you will play a critical part in enabling our IT teams to develop and release secure applications by implementing comprehensive Application Security testing solutions and promoting best practices across the organization.

Key Responsibilities:

• Application Security Testing Solutions: Study, test, deploy, and maintain Application Security Testing tools and methodologies, including SAST (Static Application Security Testing), SCA (Software Composition Analysis), DAST (Dynamic Application Security Testing), and RASP (Runtime Application Self-Protection).
• Security Scanning: Conduct application security scans on various business applications to identify vulnerabilities and ensure adherence to security standards.
• Collaboration with DevOps: Work closely with DevOps teams and other security professionals to automate application security testing and integrate security controls into the development and release pipelines (CI/CD).
• Code Security Reviews: Collaborate with developers to perform thorough security reviews of the bank’s applications, providing actionable recommendations for vulnerability remediation and mitigation.
• Guideline Development: Draft, update, and maintain application security guidelines to ensure secure development practices across teams.
• Reporting Platform Development: Develop and maintain a platform for aggregating and reporting application security results, enabling better visibility and informed decision-making regarding security posture.

Technical Requirements:

• Development Experience: Minimum of 5 years of experience with one or more programming languages (Java, Angular, .NET, PHP, Python, etc.).
• Best Practices Knowledge: Strong understanding of software development best practices and an awareness of source code vulnerabilities.
• Protocols Knowledge: Familiarity with HTTP and API protocols to ensure secure data transmission.
• CI/CD Tools: Basic experience with CI/CD tools, including GIT, Jenkins, and Azure DevOps.
• Security Tools Experience: Previous experience with static or dynamic security scanning tools is an advantage.

Language Proficiency:

• Fluency in French is mandatory; proficiency in English is a plus.

Join Natixis, the corporate banking, management, insurance, and financial services arm of the BPCE Group, the second-largest banking player in France, serving 36 million customers through its two networks, Banque Populaire and Caisse d'Epargne. In this role, you will contribute to shaping a secure digital environment and protecting the interests of our clients and stakeholders.

If you are passionate about DevSecOps and application security, and you thrive in a collaborative, innovative environment, we encourage you to apply and become a vital part of our dynamic team!

Additional Information

Our workplace reflects the vibrant spirit of our locations, with initiatives such as a Green Transportation Budget, electric bikes and a flexible Hybrid Work Policy. We promote wellbeing through the Honolulu Wellness Club, a Prayer Room, a Lactation Room, and themed Villages that inspire creativity and collaboration. Through our ESG and DEI strategies, we are commited to being inclusive, caring, and fair, ensuring every voice is heard and valued.