




Job Summary: We are seeking a Systems and Security Analyst with experience in operational resilience, vulnerability management, and security in development, possessing a DevSecOps mindset. Key Highlights: 1. Experience in operational resilience and regulatory compliance (DORA, GDPR). 2. Focus on security in development (Secure SDLC) and vulnerability management. 3. DevSecOps mindset and focus on continuous improvement and auditing. - **Devoteam is a leading European consultancy focused on digital strategy, technology platforms, cybersecurity, and business transformation through technology.** **We address our clients' strategic challenges across six areas of specialization:** Digital Business \& Products, Data\-driven Intelligence, Distributed Cloud, Business Automation, Cybersecurity, and Sustainability achieved through Digitalization. Technology is in our DNA, and we believe in it as a lever capable of driving change for improvement, while maintaining a balance that allows us to provide our clients with top-tier technological tools — always combined with the proximity and professionalism of a team acting as a guide throughout the journey. Our **25 years of experience** make us an innovative, consolidated, and mature consultancy, enabling the development of our **8\.500 professionals**, continuously certifying our consultants in the latest technologies and counting on experts in: Cloud, BI, Data Analytics, Business Process Excellence, Customer Relationship Management, Cybersecurity, Digital Marketing, Machine Learning, Engineering and Software Development. Devoteam has been awarded Partner of the Year 2021 by the five leading cloud providers: **AWS,** **Google Cloud, Microsoft, Salesforce and ServiceNow.** \#CreativeTechForBetterChange We are looking for a System \& Security Analyst profile with the following experience: * Experience in **operational resilience** and compliance with regulatory requirements such as **DORA** and **GDPR** in financial or regulated environments. * Experience in **vulnerability management** and use of static application security testing (SAST) across the development lifecycle, with explicit reference to **GitHub SAST / GitHub Advanced Security**. * Experience in **security in development (Secure SDLC)** and application of **OWASP** guidelines for secure development on **.NET Core** technologies. * Experience in **secrets management** and secure handling of credentials within CI/CD pipelines, using corporate tools and referencing **Terraform** and cloud-based secret services. * Experience in **auditing and continuous improvement**, maintaining process documentation and activity logs available for internal or external audits. * Experience in **initial technical and transition risk assessment**, including AS\-IS diagnosis, transition risk matrix, and knowledge gap analysis. * Knowledge of **AWS cloud environments**, including their security, resilience, and governance implications, covering services such as **EC2**, **S3**, **RDS**, and controlled deployments with **Terraform**. * Knowledge of **Windows Server 2019** and approved container-ready **Linux** operating systems, along with foundational software such as **IIS 10**, **.NET Framework / .NET Core**. * Familiarity with client corporate tools such as **JIRA Service Management**, **JIRA Software**, **Confluence**, **Xray**, as well as observability and monitoring tools like **Nagios**, **Control\-M**, **Grafana**, and **Splunk**. * Knowledge of **service continuity**, **DRP** drills, validation of **RTO/RPO**, and operational resilience reporting. **Skills** * Analytical and risk assessment capabilities, especially during transition phases, initial technical audits, and security exposure control. * Compliance and governance orientation, ensuring alignment with operational controls, corporate security policies, and client standards. * Operational resilience perspective, integrating security, continuity, recovery, and Back Office service stability. * Documentation and traceability skills, producing evidence, technical reports, risk matrices, and architecture/process documentation. * Cross-functional technical communication, engaging with development, operations, security, architecture teams, and international Group stakeholders. * DevSecOps mindset, embedding security into the development lifecycle rather than treating it as an isolated activity at the end of the process. **Desirable** * Experience in the **financial sector**, banking, or highly regulated environments requiring strict operational continuity and regulatory adherence. * Experience in **service transitions**, including access control, initial technical audit, shadowing / reverse shadowing, and operational knowledge validation. * Knowledge of **AWS** from a security, resilience, and cloud governance perspective under corporate standards. * Experience with security and compliance frameworks, including **ISO 27001**, **DORA**, **GDPR**, and environment segregation controls. * Strong **technical English proficiency**, particularly for international coordination, technical documentation, and participation in global architecture and security forums. Work mode is **100% remote**. * Experience in **asset security and access control** within critical environments, applying the **Least Privilege** principle and nominal production access control. * Experience in **operational resilience** and compliance with regulatory requirements such as **DORA** and **GDPR** in financial or regulated environments. * Experience in **vulnerability management** and use of static application security testing (SAST) across the development lifecycle, with explicit reference to **GitHub SAST / GitHub Advanced Security**. * Experience in **security in development (Secure SDLC)** and application of **OWASP** guidelines for secure development on **.NET Core** technologies. * Experience in **secrets management** and secure handling of credentials within CI/CD pipelines, using corporate tools and referencing **Terraform** and cloud-based secret services. * Experience in **auditing and continuous improvement**, maintaining process documentation and activity logs available for internal or external audits. * Experience in **initial technical and transition risk assessment**, including AS\-IS diagnosis, transition risk matrix, and knowledge gap analysis. * Knowledge of **AWS cloud environments**, including their security, resilience, and governance implications, covering services such as **EC2**, **S3**, **RDS**, and controlled deployments with **Terraform**. * Knowledge of **Windows Server 2019** and approved container-ready **Linux** operating systems, along with foundational software such as **IIS 10**, **.NET Framework / .NET Core**. * Familiarity with client corporate tools such as **JIRA Service Management**, **JIRA Software**, **Confluence**, **Xray**, as well as observability and monitoring tools like **Nagios**, **Control\-M**, **Grafana**, and **Splunk**. * Knowledge of **service continuity**, **DRP** drills, validation of **RTO/RPO**, and operational resilience reporting.


