DevSecOps (Securiry) - BPCE-SI (Porto/Lisboa)

Company Description

Natixis in Portugal is a Centre of Expertise with the mission to transform traditional banking by developing solutions for Groupe BPCE’s businesses, operations and work culture worldwide, driven by an innovation mindset, in a financial tech ecosystem.

Natixis in Portugal is part of the Global Financial Services division, where it applies technology for the development of financial expertise in its two global business lines – Corporate & Investment Banking and Asset & Wealth Management – and, transversally, for Groupe BPCE entities.

The Centre of Expertise, based in Porto, currently has more than 2700 employees from 40 nationalities, organised in three main departments: Information Technology, Banking Support Activities and Compliance. These teams work in an integrated, inclusive and transversal way, supporting and creating value for all the business lines and platforms of the group. Natixis in Portugal is the International Competence Centre (with an export orientation) which employs the largest number of people in the Porto district. The project in Porto is one of the biggest investments in Human Resources ever made by Groupe BPCE worldwide.

A disruptive mindset and a culture of proximity and agility identify Natixis Team and reflect the company's mission to transform traditional banking at a global scale: a perfect match in the Portuguese dynamics and entrepreneurial ecosystem.

In 2025, Top Employers Institute has awarded Natixis in Portugal the Top Employer Portugal accreditation for the third time. This certification recognizes excellence in people practices, following the example of its head office, in France, who was certified Top Employer France for the nineth year in a row.

Job Description

We are seeking a skilled DevSecOps Engineer to join our Security team at BPCE. In this role, you will play a critical part in enabling our IT teams to develop and release secure applications by implementing comprehensive Application Security testing solutions and promoting best practices across the organization.

Key Responsibilities:

• Application Security Testing Solutions: Study, test, deploy, and maintain Application Security Testing tools and methodologies, including SAST (Static Application Security Testing), SCA (Software Composition Analysis), DAST (Dynamic Application Security Testing), and RASP (Runtime Application Self-Protection).
• Security Scanning: Conduct application security scans on various business applications to identify vulnerabilities and ensure adherence to security standards.
• Collaboration with DevOps: Work closely with DevOps teams and other security professionals to automate application security testing and integrate security controls into the development and release pipelines (CI/CD).
• Code Security Reviews: Collaborate with developers to perform thorough security reviews of the bank’s applications, providing actionable recommendations for vulnerability remediation and mitigation.
• Guideline Development: Draft, update, and maintain application security guidelines to ensure secure development practices across teams.
• Reporting Platform Development: Develop and maintain a platform for aggregating and reporting application security results, enabling better visibility and informed decision-making regarding security posture.

Technical Requirements:

• Development Experience: Minimum of 5 years of experience with one or more programming languages (Java, Angular, .NET, PHP, Python, etc.).
• Best Practices Knowledge: Strong understanding of software development best practices and an awareness of source code vulnerabilities.
• Protocols Knowledge: Familiarity with HTTP and API protocols to ensure secure data transmission.
• CI/CD Tools: Basic experience with CI/CD tools, including GIT, Jenkins, and Azure DevOps.
• Security Tools Experience: Previous experience with static or dynamic security scanning tools is an advantage.

Language Proficiency:

• Fluency in French is mandatory; proficiency in English is a plus.

Join Natixis, the corporate banking, management, insurance, and financial services arm of the BPCE Group, the second-largest banking player in France, serving 36 million customers through its two networks, Banque Populaire and Caisse d'Epargne. In this role, you will contribute to shaping a secure digital environment and protecting the interests of our clients and stakeholders.

If you are passionate about DevSecOps and application security, and you thrive in a collaborative, innovative environment, we encourage you to apply and become a vital part of our dynamic team!

Additional Information

#MuchMoreThanJustAJob

Early morning. Campo 24 de Agosto. In 4 minutes, you are clocking in at the office. Start your day having breakfast with the Team and grab fresh fruit on the way to your seat, in one of Porto’s most typical neighborhoods. This Purple Day is going to be a busy one: daily meeting ensuring all team members are on the same page regarding work status, priorities and blockers, language class and, just after, a Talent Management meeting with your manager, discussing your career path. 

Lunch break. Today, your Team is onboarding newcomers, but also welcoming French colleagues: the perfect excuse to walk downtown and bond over a francesinha. When returning, inhale nature and peace of mind in Natixis Urban Garden (look at the crops; ready to harvest!). 

Back inside. Brainstorming session on a new, exciting project in our disruptive and immersive Manaus Village. The afternoon went flying (tasks, meetings, some jokes with your teammates). End it on a high note: celebrating cultural diversity with a Diwali, the Indian festival of lights. 

Tomorrow, you attend a conference led by influential speakers in your industry and, the day after, you will work from home, benefitting from some focus time to complete that report and soft skills course on LinkedIn Learning. Once you are done with your work for the day, strike the right note playing with Natixis band or be part of a board games session. If that is too steady for you, meet your colleagues to catch some waves or sail the Douro river during golden hour.