Apply now »

Senior DevSecOps Consultant

Location:  Malaga
Other locations:  Primary Location Only
Salary: Competitive
Date:  Sep 15, 2022

Job description

Requisition ID:  1121422

Senior DevSecOps Consultant

Let us introduce you the job offer by EY GDS – a member of the global integrated service delivery center network by EY in GDS office in Malaga, Spain.


DevSecOps is one of the competencies within EY GDS Cyber Security AEET (Architecture, Engineering and Emerging Technologies) practice with the following key offerings:
•    Developing security capabilities.
•    Leveraging DevSecOps principles, design and implement Security solutions.
•    Continuous Integration & Continuous Deployment with Security mindset and focus.
•    Assessment and Strategy Planning.
•    Developing capabilities used to deploy large-scale cyber countermeasure capabilities to detect and prevent sophisticated threats and vulnerabilities on enterprise networks.
•    Ensuring compliance to enterprise architecture, security policies and operational procedure.

The opportunity


 As a member of our team in GDS office in Malaga, Spain, you’ll have a chance to extend your knowledge & experience by working on the interesting projects with the newest technologies and approaches. You’ll support clients in choosing the most suitable business solution and take part in digital transformation.

Your key responsibilities
•    Performing security architecture reviews of applications in design and production phases.
•    Identifying security recommendations, potential threats and attacks to applications systems through threat modeling and vulnerability assessment.
•    Conducting assessments of applications and platforms (web, cloud, mobile) using range of manual and automated source code review techniques.
•    Integrating application security tools and process in automated pipelines.
•    Working with clients to analyze, evaluate, and enhance the effectiveness of their application / platform / product security posture at procedural and technological levels from design to deployment.
•    Participating in market facing activities. Use current technology and tools to enhance the effectiveness of deliverables and services. Play an active role in counseling and mentoring junior Cybersecurity team members.
•    Resolving and reviewing resolution of security vulnerabilities as needed.
•    Improving secure coding practices, application security requirements, automation, training and metrics.
•    Maintaining an active understanding of industry practices for secure software development.
•    Working with application development teams to refactor or create security solutions.
•    Monitoring & Logging and Site Reliability.
Skills and attributes for success
•    Understanding of or experience in Agile Development Environment
•    Problem solving and troubleshooting with eye for details
•    Good communication and presentation skills
•    Ability to work in both collaborative and independent work environments
•    Proven ability to work as DevSecOps on projects
•    Excellent command over English (written and spoken)


To qualify for the role, you must have

•    Experience in performing application security vulnerability assessment using either manual penetration testing and source code techniques or automated commercial SAST/DAST/IAST/SCA/OSA tools.
•    Experience in performing security architecture/threat modeling 
•    Experience in evaluating application security programs for clients and developing key elements of the program as part of the enhancement process and developing internal vulnerability assessment and management processes.
•    Ability to learn and adapt to integrate application security to different CI/CD systems and apply automation as needed

Minimum 2 years of experience working in Agile development, application security, or DevOps role, with experience in the following technologies:
•    Containers (Docker, Kubernetes, etc.)
•    Infrastructure as code (Chef, Terraform, etc.)
•    Continuous integration (Jenkins, etc.)
•    Integration of Security testing tools into pipeline
•    Defect tracking (Jira, Bugzilla, ServiceNow etc.)
•    Source code management (GitLab, GitHub, BitBucket, etc.)
•    Developing enterprise applications or scripts for security testing (security as code)
•    Cloud environment (AWS, Azure, GCP) and various Unix-like distributions

Must have experience in the following:
•    Certifications relevant to the role ;
•    Knowledge of networking, infrastructure and applications from a DevOps perspective with a security focus;
•    Experience in programming or scripting languages;
•    Broad knowledge of security control techniques and how they can be applied in a traditional IT environment as well as cloud-based systems;
•    Knowledge of security monitoring, prevention and control systems including anti-virus, web proxies and security software;


Ideally, you’ll also have

•    Diploma or Degree in Computer Science, Software Engineering or related discipline with 3+ years’ of overall experience
•    Good technical knowledge of Microservice oriented solutions, APIs, Azure AD and common Cloud authentication patterns
•    Cloud/DevOps Certification (MS Azure/AWS/GCP)


What we look for

As we are a dynamic team of passionate specialists, and we work in international teams all over the world, we will look for the same business acumen. Facing with customers, we are "out of box thinking" professionals.  Our top performers have a team player  attitude and they cope with challenges on the daily basis. If  it all sounds familiar to you - we are looking forward to seeing you on board

What we offer

EY Global Delivery Services (GDS) is a dynamic and truly global delivery network. We work across six locations – Argentina, China, India, the Philippines, Spain, Poland and the UK – and with teams from all EY service lines, geographies and sectors, playing a vital role in the delivery of the EY growth strategy. From accountants to coders to advisory consultants, we offer a wide variety of fulfilling career opportunities that span all business disciplines. In GDS, you will collaborate with EY teams on exciting projects and work with well-known brands from across the globe. We’ll introduce you to an ever-expanding ecosystem of people, learning, skills and insights that will stay with you throughout your career.
•    Continuous learning: You’ll develop the mindset and skills to navigate whatever comes next.
•    Success as defined by you: We’ll provide the tools and flexibility, so you can make a meaningful impact, your way.
•    Transformative leadership: We’ll give you the insights, coaching and confidence to be the leader the world needs.
•    Diverse and inclusive culture: You’ll be embraced for who you are and empowered to use your voice to help others find theirs.


About EY
EY | Building a better working world

EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.
Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate.
Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.
If you can demonstrate that you meet the criteria above, please contact us as soon as possible.
The exceptional EY experience. It’s yours to build.

Apply now »