Devoteam Cyber Trust | Application Security - Lead | Banking Sector

Devoteam
Lisbon, Portugal
June 11, 2026
Hybrid
Full-time
Application Security
Management

Company Description

Devoteam Cyber Trust is the Cybersecurity specialist arm of the Devoteam Group. With our 800+ experts located across EMEA, we aim to establish cybersecurity as an enabler of business success rather than a gatekeeper. We leverage an end-to-end approach to Cyber Resilience, Applied Security, and Managed Security services to secure the tech journey of large and medium-sized companies from all sectors and industries.

Our team based in Portugal, previously known as INTEGRITY, has specialised since 2009 in providing cutting-edge Managed Security Services that combine our expertise and proprietary technology to consistently and effectively reduce the cyber risk of our clients.

The comprehensive service range includes Persistent Intrusion Testing, ISO 27001, PCI-DSS, GRC Consulting and Solutions, and Third-Party Risk Management. ISO 27001 (Information Security) and ISO 9001 (Quality) certified, PCI-QSA, and member of CREST and CIS - Centre for Internet Security, we provide services to a considerable number of clients, operating in more than 20 countries.

Job Description

The First Line of Defense (LoD1) IT Risk Management (ITRM) team plays a strategic role within our organization by monitoring topics related to IT Risks and by establishing operational standards in accordance with organizational policies, ensuring their effective implementation.

We are seeking an experienced Application Security Engineer to lead application security initiatives, mentor junior team members, and drive strategic security improvements across our development ecosystem. This role combines hands-on technical expertise with leadership responsibilities in our mission to implement comprehensive application security practices.

🎯 Main Responsibilities:

Strategic Leadership

  • Roadmap Development: Contribute to the application security strategy and roadmap development.

  • Mentorship: Guide, support, and mentor junior AppSec engineers.

  • Framework Optimization: Drive continuous improvement of the IT S-SDLC (Secure Software Development Life Cycle) Framework.

Technical Excellence

  • Advisory Services: Provide expert-level support and advisory services to development squads.

  • Vulnerability Management: Lead complex vulnerability analysis and remediation efforts.

Communication & Adoption

  • Community Engagement: Lead community animation through advanced workshops and training sessions.

  • Developer Guidance: Conduct weekly open sessions to assist and guide developers.

  • Documentation: Develop comprehensive technical documentation and best practices.

  • Metrics & Governance: Monitor and optimize KPIs, KRIs, and OKRs for security metrics.

Innovation & Research

  • Threat Analysis: Conduct technological watch and emerging threat analysis.

  • Prototyping: Propose and drive Proof of Concepts (POC) for innovative security solutions.

Qualifications

🎓 Required Qualifications

  • Education:

    • Master's degree (Bac+5) minimum.

    • Engineering school or equivalent higher education preferred.

  • Experience:

    • 3+ years minimum in Cybersecurity, Application Security, or DevSecOps.

    • Proven leadership experience in application security projects.

    • Previous experience in an international banking ecosystem is a plus.

  • Languages:

    • Portuguese: Proficiency mandatory (team based in Portugal).

    • English: Proficiency mandatory (international environment).

    • French: Nice to have.

💻 Technical Expertise Required

Core Security Tools & Technologies

  • Advanced proficiency in SAST, SCA, Container Image Scanning, and DAST.

  • Experience with Infrastructure as Code (IaC) Scanning and Secrets Detection tools.

  • Quality assurance and security tool integration directly into CI/CD pipelines.

Programming & Development

  • Expert-level knowledge in Python, C++, C#, or other major languages.

  • Familiarity with development frameworks and ecosystems (e.g., Hadoop, Angular).

Security Knowledge

  • Deep understanding of OWASP Top 10 vulnerabilities.

  • Advanced vulnerability analysis and remediation strategies.

  • False-positive identification and optimization techniques.

  • End-of-Support (EoS) lifecycle management.

Cloud & Infrastructure Security

  • Comprehensive knowledge of cloud security across private, public, regulated, and hybrid environments.

馃 Essential Skills (Soft Skills)

  • Leadership Capabilities: Independent project and team management; strategic thinking; ability to influence and drive adoption across development teams.

  • Communication Excellence: Advanced pedagogical skills for vulnerability correction guidance; ability to translate technical concepts for diverse audiences.

  • Technical Problem-Solving: Deep understanding of developer and technical lead requirements; analytical mindset for complex security challenge resolution.

Additional Information

The Devoteam Group works for equal opportunities, promotes its employees based on merit, and actively fights against all forms of discrimination. We are convinced that diversity contributes to the creativity, dynamism and excellence of our organization. All of our vacancies are open to people with disabilities.

Join us in our mission to safeguard our clients' critical digital assets by applying deep technical expertise to their most strategic projects.

Apply now to become a key technical leader in this pivotal engagement and make a tangible impact as a key member of our Cybersecurity Engineering Professional Services team!

Job Details

Experience

Management

Tools & Tech

C
C++
C#
Python