As a Senior DevSecOps Consultant, you will join the multidisciplinary DevSecOps team.
At Thales, we value human growth and make sure our employees can level up by providing them with the latest technologies and numerous training opportunities. We will help you develop your skills and offer you motivating and stimulating projects, adapted to your profile and allowing you to surpass yourself.
As listening is at the heart of our company, you will quickly find your place within Thales Cyber Solutions Luxembourg.
Your main responsibilities as a Cloud Security Consultant
- Lead the design and implementation of security controls within CI/CD pipelines.
- Collaborate with DevOps and development teams to ensure security is embedded throughout the software delivery lifecycle.
- Perform security assessments of CI/CD tools and workflows to identify and mitigate potential vulnerabilities.
- Automate security testing (SAST, DAST, IAST) to detect vulnerabilities early in the development process.
- Implement and manage security protocols for containerization (e.g., Docker, Kubernetes) and orchestration.
- Develop and maintain secure artifact management and version control practices, including secure code management in Git, GitLab, Jenkins, etc.
- Integrate and manage tools for static code analysis and vulnerability detection (preferred: Fortify).
- Use tools (e.g., Nexus Lifecycle) to identify open-source component vulnerabilities and manage dependency security.
- Oversee secret management, key management, and encryption within the pipeline to protect sensitive information (preferred: Sonatype).
- Implement infrastructure-as-code security controls using Terraform to ensure secure cloud deployments.
- Ensure compliance with relevant security standards and regulations (e.g., ISO 27001, NIST, SOC 2, GDPR).
- Proactively monitor CI/CD environments for security breaches, threats, and incidents, providing timely remediation.
- Conduct threat modeling, vulnerability assessments, and risk analysis for pipeline architecture.
- Educate and train teams on DevSecOps principles and secure coding practices.
- Stay updated on the latest security trends, vulnerabilities, tools, and technologies to continuously improve pipeline security.
Your profile as a Cloud Security Consultant:
- Bachelor’s degree in Computer Science, Information Security, or a related field (or equivalent experience).
- 5+ years of experience in DevOps, security, or a related role with a focus on CI/CD pipeline security.
- Expertise with CI/CD tools such as Jenkins, GitLab CI, Azure DevOps, CircleCI, etc.
- Strong understanding of security principles and best practices for CI/CD pipeline design and operation.
- Hands-on experience with security testing tools (SAST, DAST, IAST); Fortify preferred.
- Experience with dependency management and vulnerability scanning; preferred tool: Sonatype.
- Expertise in using Terraform to implement and secure infrastructure as code.
- Experience with container security and orchestration (e.g., Docker, Kubernetes).
- Knowledge of cloud security and best practices for cloud-based CI/CD pipelines (AWS, Azure, GCP).
- Proven ability to automate security processes and integrate them into existing DevOps workflows.
- Excellent understanding of vulnerability management, encryption, secret management, and secure deployment practices.
- Strong analytical, problem-solving, and communication skills.
Preferred:
- Certifications such as CISSP, CEH, or certifications related to cloud security (AWS/Azure Certified Security – Specialty, etc.).
- Experience with compliance frameworks (ISO, NIST, SOC, GDPR).
If you are passionate about IT security, curious, and on the lookout for the latest news, security flaws and technological advances, then apply!
Posted by
13 Mar 2025