Empleos actuales relacionados con DevSecOps Engineer - Las Rozas, Madrid - Allot

Purpose of the Role
Join the Application Security (AppSec) team to ensure the security of Allot's products. Collaborate closely with Development and DevOps teams to integrate security into applications, infrastructure, and workflows, while proactively addressing vulnerabilities and strengthening our systems.

Key Responsibilities

• Automate security tools for the CI/CD workflow. Analyze CIS benchmarks; prioritize critical security controls.
• Execute Security scans per release. Proactively address security vulnerabilities by developing countermeasures and implementing industry-leading solutions. Assess third-party image vulnerabilities and recommend secure alternatives
• Contribute to product architecture and infrastructure design, with focus on backend and security aspects.
• Collaborate with development engineers and provide mitigation recommendations.
• Work closely with the DevOps group to ensure secure deployments.
• Solve security-related challenges in OS hardening, network segmentation, and protocols. Evaluate regulatory compliance requirements and define security controls.
• Research, review, and integrate new security controls for operating systems and applications.
• Explore and implement new security automation tools.

Requirements:

What you should have:

• 3+ years of relevant experience as a DevSecOps engineer and knowledge of Linux systems administration.
• Experience using SAST, DAST & other Security tools for application security testing.
• Hands-on experience with IaC tools.
• Ability to support application security reviews: threat modeling, code review, dependencies, authentication/authorization flows, data privacy (encryption, anonymization).
• Experience building and maintaining infrastructure, tools, and services to enhance delivery and availability.
• Strong background with containerized and microservices environments (Docker, Kubernetes).
• Experience with cloud architectures (AWS preferred).
• Knowledge of build/release systems, CI/CD, Jenkins, and Git.
• Strong programming and scripting skills (Python, Bash, etc.).
• Excellent problem-solving skills and ability to work independently.
• Strong collaboration skills to work with multiple business lines and functions.

Nice to have:

• Desirable: Experience in domains such as secure execution, container security, penetration testing, or security audits.
• Desirable: Knowledge of Snyk or other SCA tool, SonarQube, Nessus, Jenkins.
• Desirable: Contributions to open-source projects (extra credit for security-related projects).
• Desirable: Familiarity with cryptographic algorithms, authentication protocols, transport layer security, Linux OS hardening (e.g., SELinux), and secure coding practices (SSDLC).
• Proactive approach, curiosity, and initiative to tackle unknowns.