Job description
Company Description
Natixis in Portugal is a Centre of Expertise whose mission is to transform traditional banking by developing innovative solutions for the business, operations and work culture of Groupe BPCE worldwide.
As part of Groupe BPCE’s international division, Natixis in Portugal designs and delivers solutions for its two core areas — Corporate & Investment Banking and Asset & Wealth Management — as well as transversal services that support all entities across the Group.
With more than 3,000 employees representing 46 nationalities, the teams work across Information Technology, Banking Support Activities, and Compliance, in an integrated, inclusive, and cross-functional way, supporting all business lines and platforms of the Group.
A disruptive mindset and a culture of proximity and agility identify Natixis in Portugal Team and reflect the company’s mission to transform traditional banking at a global scale: a perfect match in the Portuguese dynamics and entrepreneurial ecosystem.
Job Description
We are seeking a skilled DevSecOps Engineer to join our Security team at BPCE SI (Solutions Informatiques). In this role, you will play a critical part in enabling our IT teams to develop and release secure applications by implementing comprehensive Application Security testing solutions and promoting best practices across the organization. In this role, you will contribute to shaping a secure digital environment and protecting the interests of our clients and stakeholders.If you are passionate about DevSecOps and application security, and you thrive in a collaborative, innovative environment, we encourage you to apply and become a vital part of our dynamic team!
Main Responsibilities:
- Application Security Testing Solutions: Study, test, deploy, and maintain Application Security Testing tools and methodologies, including SAST (Static Application Security Testing), SCA (Software Composition Analysis), DAST (Dynamic Application Security Testing), and RASP (Runtime Application Self-Protection).
- Security Scanning: Conduct application security scans on various business applications to identify vulnerabilities and ensure adherence to security standards.
- Collaboration with DevOps: Work closely with DevOps teams and other security professionals to automate application security testing and integrate security controls into the development and release pipelines (CI/CD).
- Code Security Reviews: Collaborate with developers to perform thorough security reviews of the bank’s applications, providing actionable recommendations for vulnerability remediation and mitigation.
- Guideline Development: Draft, update, and maintain application security guidelines to ensure secure development practices across teams.
- Reporting Platform Development: Develop and maintain a platform for aggregating and reporting application security results, enabling better visibility and informed decision-making regarding security posture.
Qualifications
Hard Skills:
- Minimum of 5 years in programming languages (e.g., Java, Angular, .NET, PHP, Python).
- Understanding of software development best practices and awareness of source code vulnerabilities.
- Familiarity with HTTP and API protocols for secure data transmission.
- Basic experience with CI/CD tools, such as GIT, Jenkins, and Azure DevOps.
- Previous experience with static or dynamic security scanning tools.
- Fluency in French (mandatory), proficiency in English (a plus)
Soft Skills:
- Strong communication skills to effectively collaborate with business units.
- Demonstrated ability to understand and prioritize user requirements effectively.
- Strong problem-solving skills for effective incident management and minimizing operational impact.
We will only consider CVs in English.
Additional Information
Our workplace reflects the vibrant spirit of our locations, with initiatives such as a Green Transportation Budget, electric bikes and a flexible Hybrid Work Policy. We promote wellbeing through the Honolulu Wellness Club, a Prayer Room, a Lactation Room, and themed Villages that inspire creativity and collaboration. Through our ESG and DEI strategies, we are commited to being inclusive, caring, and fair, ensuring every voice is heard and valued.
