Description
Turn CI/CD into a security powerhouse—make SBOM obsolescence a solved problem.
Lisbon-based opportunity with remote work (up to 2 days per week on-site).
As a Senior DevOps Security & SBOM Obsolescence, you will be working for our client in an environment where industrial-grade CI/CD and security-by-design are essential.
You will help build and maintain secure automation pipelines, analyze software supply chain risks from SBOMs, and support standardization across multiple projects—so teams can ship faster with confidence, even without direct access to application source code.
Your main responsibilities:
- Design, implement, and maintain industrial CI/CD pipelines across multiple projects using tools such as GitLab CI, Azure DevOps, Jenkins, or equivalent.
- Integrate security controls into CI/CD workflows to strengthen the software delivery lifecycle.
- Manage dependencies and repositories (e.g., Artifactory or equivalent), ensuring reliable artifact handling and traceability.
- Apply SBOM-based analysis to identify library obsolescence and end-of-life (EOL) risks.
- Work with SBOM data (CycloneDX, SPDX, etc.) to evaluate risks even when application source code is not directly available.
- Perform Open Source vulnerability analysis by mapping findings to CVEs and transitive dependencies.
- Use security scanning tooling such as JFrog Xray (or similar) to support vulnerability and compliance checks.
- Collaborate effectively across Development, Security, Software Factory, and Management to drive standardization and industrialization.
You're ideal for this role if you have:
- 4+ years of experience in DevOps and CI/CD, with strong hands-on expertise in building and maintaining industrial pipelines.
- Strong CI/CD experience with GitLab CI, Azure DevOps, Jenkins, or equivalent.
- Solid knowledge of dependency management and repository/artifact solutions such as Artifactory (or equivalent).
- Hands-on experience integrating security controls into CI/CD pipelines.
- Good knowledge and/or practical experience with SBOM standards and formats (CycloneDX, SPDX, etc.).
- Experience with JFrog Xray or similar security scanning tools.
- Ability to analyze Open Source vulnerabilities (CVE mapping and transitive dependency risk).
- Experience working from SBOMs without direct access to application source code.
It is a strong plus if you have (optional):
- Interest in automation, agent-based approaches, or GitHub Copilot to accelerate security and SBOM workflows.
- Contribution to standards or development methodologies.
- French B2 (nice to have).
Language required for the role:
English (Communicative / B2 – working proficiency).
Eligibility for the role:
Only candidates with an existing legal right to work in Europe will be considered for this role.
#MAKEYourCareerBETTER
Interested?
Apply now and include your CV (preferably in English) along with a statement confirming your consent to the processing and storage of your personal data.
https://itdsportugal.com/en/it-jobs/9420/?utm_source=itjobs
Details
- Listing type: Job offer
- Schedule type: Full-time
- Category: Technology
- Status: —
- Location: Lisboa, PT
- Start: 24/06/2026
Market salary
€788 - €1 695/month