Application Security Manager (DevSecOps)

Description

Job Summary: We are seeking an Application Security Manager with experience in DevSecOps, software development lifecycle (SDLC) security, and protection of on-premises and cloud environments. Key Highlights: 1. Join a leading company in the industry 2. Continuous training in a pleasant work environment 3. Flexible working hours **Description:** ---------------- At ARAG, we seek people with vocation, enthusiasm for growth, and passion for helping improve others' lives. We are an international company headquartered in Düsseldorf, comprising over 4,000 professionals across 19 countries, and the market leader in Spain for Legal Defense Insurance and Travel Assistance, trusted by more than 20 million customers. If you are motivated to work in an environment that prioritizes people, work-life balance, well-being, and professional development, ARAG is where you can build your future. We are looking for an **Application Security Manager** with experience in DevSecOps practices, software development lifecycle (SDLC) security, and protection of both on-premises and cloud environments. The selected candidate will collaborate closely with development, QA, and operations teams, integrating security controls into CI/CD pipelines, automating analysis, strengthening architectures, and ensuring compliance with security standards and best practices. **Responsibilities:** * Design, build, and maintain CI/CD pipelines using tools such as Jenkins, GitLab CI/CD, Bamboo, or equivalents, adapting to Azure DevOps, GitHub Actions, or similar options. * Configure automated processes for building, testing, static analysis, and deployment across development, QA, and production environments. * Develop and manage Infrastructure-as-Code (IaC) using Terraform, Ansible, Puppet, or other on-premises tools, learning ARM Templates or Bicep as needed. * Automate operational tasks and configuration processes in on-premises or cloud environments. * Implement and optimize development architectures in local or hybrid environments, adapting to services such as AKS, Azure Functions, or other Azure services. * Design scalable and secure systems applying best practices for on-premises and cloud servers. * Design Docker-based solutions and configure Kubernetes in local or managed environments (AKS, EKS, or others). * Implement containerized deployments based on scalability and resilience criteria. * Configure monitoring tools such as Prometheus, Grafana, or Nagios, and learn solutions like Azure Monitor, Application Insights, or Log Analytics. * Identify and resolve performance, availability, or capacity issues in systems. * Integrate security practices into CI/CD pipelines, incorporating vulnerability scanning, security testing, and compliance analysis. * Apply identity and access management (IAM) principles, with willingness to learn Azure Active Directory. * Collaborate closely with development, QA, and operations teams to embed DevOps practices across the software lifecycle. * Provide technical support and strategic solutions for implementing DevOps in Azure or hybrid environments. **What We Offer:** * Join a leading, established, and expanding company in the industry. * Flexible working hours: start between 8:00 and 9:00 AM, end between 5:00 and 6:00 PM. Intensive schedule on Fridays and during summer: 8:00 AM to 3:00 PM. * Progress review meetings to assess and analyze goal achievement. * Continuous training in a pleasant work environment with strong personal engagement and motivation. * Work modality: 100% on-site during the initial training and adaptation period. After this period, the candidate may request adoption of a hybrid remote work model (50%). * Flexible compensation (medical insurance, savings plan, childcare voucher, transportation voucher, training voucher) and meal vouchers. **Requirements:** --------------- **Mandatory:** * Over 3 years of experience in a similar role. * Experience implementing and managing CI/CD tools (Jenkins, GitLab CI/CD, Bamboo, or similar) and using IaC with Terraform, Ansible, Puppet, Chef, or equivalents. * Prior experience or familiarity with cloud environments (Azure, AWS, GCP). * Solid knowledge of containers (Docker) and Kubernetes (on-premises, hybrid, or cloud). * Experience with monitoring tools (Prometheus, Grafana, Nagios, or equivalents). * Experience in automation and scripting (Python, Bash, PowerShell, or similar). * Knowledge of DevSecOps practices and security tools integrable into CI/CD pipelines. * Familiarity with IAM in on-premises environments and willingness to learn cloud IAM tools (e.g., Azure AD). **Desirable:** * Experience with agile methodologies (Scrum, Kanban) and management tools such as Jira or equivalents. * Certifications for tools such as Jenkins, Terraform, Kubernetes, or similar. * Security certifications (e.g., AZ-500, CCSP, CEH, CompTIA Security+, among others).