Skip to content

DevSecOps, Automation & Innovation Engineer | IT CIB

Natixis in PortugalPortugalJuly 11, 2026
Hybrid
Full-time
DevSecOps
Senior · 5+ yrs

Company Description

Natixis in Portugal is a Centre of Expertise whose mission is to transform traditional banking by developing innovative solutions for the business, operations and work culture of Groupe BPCE worldwide. 

As part of Groupe BPCE’s international division, Natixis in Portugal designs and delivers solutions for its two core areas – Corporate & Investment Banking and Asset & Wealth Management – as well as transversal services that support all entities across the Group. 

With more than 3,000 employees representing 46 nationalities, the teams work across Information Technology, Banking Support Activities, and Compliance, in an integrated, inclusive, and cross-functional way, supporting all business lines and platforms of the Group. 

A disruptive mindset and a culture of proximity and agility identify Natixis in Portugal Team and reflect the company's mission to transform traditional banking at a global scale: a perfect match in the Portuguese dynamics and entrepreneurial ecosystem.

Job Description

We are seeking an Automation & Innovation Engineer to join the IT Transversal (IT TRV) Innovation & Development team — a forward-looking role driving automation transformation and continuous innovation of CIB's development and deployment ecosystem.

Key Responsibility Areas:

1. Automation Transformation Leadership

Primary: Eliminate manual development and operational toil

  • Design and implement comprehensive CI/CD pipeline automation across CIB
  • Automate infrastructure provisioning through Infrastructure-as-Code principles and tooling
  • Establish GitOps principles for configuration management and deployment
  • Automate security validation, compliance checks, and dependency scanning
  • Drive adoption of containerization (Docker) and orchestration (Kubernetes/OpenShift)
  • Create self-healing infrastructure that requires minimal human intervention
  • Eliminate manual security reviews through automated security gates

2. Innovation Leadership & Technology Prototyping

Primary: Drive continuous innovation in automation practices

  • Lead innovation lab activities — prototype and validate emerging automation technologies (service mesh, policy-as-code, advanced observability, GitOps tools)
  • Conduct technology watch on DevOps, security automation, and AI4DevOps trends
  • Create proof-of-concept implementations for cutting-edge tools/frameworks
  • De-risk adoption of emerging technologies before enterprise-wide rollout
  • Transfer innovations and c ompetencies to Development Squad and Business IT teams (IT TRV, IT GMT, IT GBCR)
  • Establish automation excellence center standards and best practices
  • Present findings and recommendations to CIB CIO community

3. Self-Service Platform Engineering

Primary: Build automation platform enabling team independence

  • Design and maintain internal platform (CI/CD, IaC, observability, security scanning)
  • Create Platform-as-a-Service (PaaS) abstractions hiding infrastructure complexity
  • Enable developers to deploy code securely without manual security reviews
  • Establish platform as reusable asset available to IT Transversal, GMT, and GBCR teams
  • Build self-service capabilities (provisioning, deployments, rollbacks)
  • Document and evangelize platform usage through training and community building

4. Developer Experience & Productivity Innovation

Primary: Reduce friction and enable developer happiness

  • Measure "developer toil" — manual, repetitive work slowing down delivery
  • Enable fast feedback loops — deployment feedback in seconds, not hours
  • Design frictionless onboarding — new team members productive in days
  • Build tools that feel like "magic" — developers don't need to understand infrastructure
  • Conduct regular feedback sessions with development teams to identify pain points

5. Velocity Metrics & Continuous Improvement

Primary: Drive measurable improvements in team performance

DORA Metrics Targets:

Metric                                             Target

Deployment frequency                    Daily or multiple-times-daily

Lead time for changes                    Reduce from weeks to days/hours

Time-to-recovery (MTTR)               Reduce by 50%+

Change failure rate                         Reduce failed deployments

Automation Coverage Targets:

Area                                                Target

Infrastructure-as-Code coverage    100%

Security validation automation        90%+

Testing automation                          95%+

Self-service deployment adoption   90%+

6. AI4DevOps Innovation & Intelligent Automation

Primary: Pioneer AI-driven automation in CIB's DevOps ecosystem

  • Design and deploy AI agents for infrastructure provisioning, deployment automation, and incident remediation
  • Establish AI Agent Governance frameworks:
    • Define permission systems and privilege boundaries for AI agents
    • Implement containment strategies ensuring safe agent operation in production
    • Establish audit trails and decision logging for agent actions
  • Implement AI-driven threat modeling and proactive security:
    • Leverage LLMs for threat modeling and adversary behavior anticipation
    • Move from reactive compliance to proactive security hardening
  • Build observability and tracing for AI agents (causal graph tracing, confidence metrics)
  • Design data governance policies for AI agents (prevent data exfiltration, implement redaction)
  • Develop "agent-ready" infrastructure code (idempotent, predictable, safe for AI consumption)
  • Establish hybrid human-AI workflows with clear escalation paths

Qualifications

Experience & Education

  • Bachelor's degree in Computer Science, Engineering, or equivalent experience
  • 5+ years in DevOps, Infrastructure Engineering, SRE, or related roles
  • 3+ years driving innovation, prototyping technologies, or leading architectural improvements
  • Proven track record of reducing manual toil and improving team velocity
  • Familiarity with financial services or regulated industries preferred

Infrastructure Automation & DevOps

  • Expert-level Infrastructure-as-Code principles and practices (tool-agnostic)
  • Strong CI/CD expertise: Jenkins, GitLab CI, GitHub Actions
  • Deep containerization (Docker) and orchestration (Kubernetes, OpenShift)
  • Linux/Unix system administration (RHEL, CentOS, Ubuntu)
  • Git mastery (GitFlow, branching strategies)
  • Cloud platform experience (AWS, Azure, GCP)

Security & Compliance Automation

  • Application security principles (OWASP Top 10)
  • Security scanning automation: SAST/DAST (SonarQube, Checkmarx, ZAP)
  • Container security scanning (Trivy, Aqua)
  • Secrets management (HashiCorp Vault, AWS Secrets Manager)
  • Compliance frameworks (PCI-DSS, GDPR, SOX)
  • Security policy-as-code (OPA, Kyverno)

AI & Intelligent Automation (AI4DevOps)

  • Understanding of AI agents and LLM applications in operations
  • Familiarity with prompt engineering and LLM-based tooling
  • Conceptual knowledge of agent governance, permission systems, and sandboxing
  • Exposure to AI agent frameworks (LangChain, AutoGen)
  • Understanding of hybrid human-AI workflow design

Monitoring, Logging & Observability

  • Prometheus, Grafana, ELK Stack, Datadog
  • Centralized logging (ELK, Splunk, CloudWatch)
  • APM and distributed tracing (Jaeger, DataDog, New Relic)

Software Engineering & Architecture

  • Proficiency in Python, Go, Java, or Bash
  • REST APIs, microservices, event-driven systems
  • Software design principles and testing strategies

Soft Skills

  • Innovation mindset — prototyping, experimentation, "failing fast"
  • Entrepreneurial drive — ownership, bias toward action
  • Communication — technical and non-technical stakeholders
  • Collaboration — across Development, Security, and Operations
  • Teaching mindset — mentoring teams on automation best practices
  • Continuous learning — staying current with emerging technologies

Preferred Skills

  • Open-source contribution or community involvement
  • Service mesh experience (Istio, Linkerd)
  • GitOps platform experience (ArgoCD, Flux)
  • Incident response and postmortem facilitation

Success Metrics & KPIs

DORA Metrics

  • Deployment frequency: weekly → daily or multiple-times-daily
  • Lead time for changes: weeks → days/hours
  • MTTR: reduce by 50%+
  • Change failure rate: reduce failed deployments and rollbacks

Automation Coverage

  • Infrastructure-as-Code: 100% defined in code
  • Security scanning: 90%+ automated
  • Testing: 95%+ executed automatically
  • Deployments: 90%+ via automated pipelines

Platform Adoption

  • Developer adoption: 80%+ of CIB developers using self-service platform
  • Self-service deployments: 80%+ of production deployments
  • Developer toil reduction: 20%+ in manual tasks
  • Developer satisfaction: 80%+ satisfaction score

Innovation Impact

  • Technologies prototyped: 2-3 per year
  • Prototype-to-production rate: 60%+ within 18 months
  • Regular innovation updates to CIB CIO community

AI4DevOps Maturity

  • AI agent governance framework: established and documented
  • AI-driven infrastructure changes: 30%+
  • Agent success rate: 95%+ reliability
  • Proactive threat detection via LLM-based modeling

Additional Information

Our workplace reflects the vibrant spirit of our locations, with initiatives such as a Green Transportation Budget, electric bikes and a flexible Hybrid Work Policy. We promote wellbeing through the Honolulu Wellness Club, a Prayer Room, a Lactation Room, and themed Villages that inspire creativity and collaboration. Through our ESG and DEI strategies, we are committed to being inclusive, caring, and fair, ensuring every voice is heard and valued.

Job Details

Experience

Senior · 5+ yrs

Tools & Tech

Aqua
ArgoCD
AWS
Azure
Bash
Checkmarx
Datadog
Docker
Elasticsearch
FluxCD
GCP
Git
GitHub
GitHub Actions
GitLab
GitLab CI
Go
Grafana
Istio
Java
Jenkins
Kubernetes
LangChain
Linkerd
Linux
New Relic
OPA
OpenShift
OWASP ZAP
Prometheus
Python
Splunk
Trivy
Vault