Devoteam Cyber Trust | Application Security - Lead | Banking Sector

Job Description

The First Line of Defense (LoD1) IT Risk Management (ITRM) team plays a strategic role within our organization by monitoring topics related to IT Risks and by establishing operational standards in accordance with organizational policies, ensuring their effective implementation.

We are seeking an experienced Application Security Engineer to lead application security initiatives, mentor junior team members, and drive strategic security improvements across our development ecosystem. This role combines hands-on technical expertise with leadership responsibilities in our mission to implement comprehensive application security practices.

🎯 Main Responsibilities:

Strategic Leadership

• Roadmap Development: Contribute to the application security strategy and roadmap development.

• Mentorship: Guide, support, and mentor junior AppSec engineers.

• Framework Optimization: Drive continuous improvement of the IT S-SDLC (Secure Software Development Life Cycle) Framework.

Technical Excellence

• Advisory Services: Provide expert-level support and advisory services to development squads.

• Vulnerability Management: Lead complex vulnerability analysis and remediation efforts.

Communication & Adoption

• Community Engagement: Lead community animation through advanced workshops and training sessions.

• Developer Guidance: Conduct weekly open sessions to assist and guide developers.

• Documentation: Develop comprehensive technical documentation and best practices.

• Metrics & Governance: Monitor and optimize KPIs, KRIs, and OKRs for security metrics.

Innovation & Research

• Threat Analysis: Conduct technological watch and emerging threat analysis.

• Prototyping: Propose and drive Proof of Concepts (POC) for innovative security solutions.

Qualifications

🎓 Required Qualifications

• Education: * Master's degree (Bac+5) minimum.

  • Engineering school or equivalent higher education preferred.

• Experience: * 3+ years minimum in Cybersecurity, Application Security, or DevSecOps.

  • Proven leadership experience in application security projects.

  • Previous experience in an international banking ecosystem is a plus.

• Languages: * Portuguese: Proficiency mandatory (team based in Portugal).

  • English: Proficiency mandatory (international environment).

  • French: Nice to have.

💻 Technical Expertise Required

Core Security Tools & Technologies

• Advanced proficiency in SAST, SCA, Container Image Scanning, and DAST.

• Experience with Infrastructure as Code (IaC) Scanning and Secrets Detection tools.

• Quality assurance and security tool integration directly into CI/CD pipelines.

Programming & Development

• Expert-level knowledge in Python, C++, C#, or other major languages.

• Familiarity with development frameworks and ecosystems (e.g., Hadoop, Angular).

Security Knowledge

• Deep understanding of OWASP Top 10 vulnerabilities.

• Advanced vulnerability analysis and remediation strategies.

• False-positive identification and optimization techniques.

• End-of-Support (EoS) lifecycle management.

Cloud & Infrastructure Security

• Comprehensive knowledge of cloud security across private, public, regulated, and hybrid environments.

🤝 Essential Skills (Soft Skills)

• Leadership Capabilities: Independent project and team management; strategic thinking; ability to influence and drive adoption across development teams.

• Communication Excellence: Advanced pedagogical skills for vulnerability correction guidance; ability to translate technical concepts for diverse audiences.

• Technical Problem-Solving: Deep understanding of developer and technical lead requirements; analytical mindset for complex security challenge resolution.

Additional Information

The Devoteam Group works for equal opportunities, promoting its employees based on merit and actively fights against all forms of discrimination. We are convinced that diversity contributes to the creativity, dynamism and excellence of our organization. All of our vacancies are open to people with disabilities.

Join us in our mission to safeguard our clients' critical digital assets by applying deep technical expertise to their most strategic projects.

Apply now to become a key technical leader in this pivotal engagement and make a tangible impact as a key member of our Cybersecurity Engineering Professional Services team!