DevSecOps Engineer (BQA / NATO) Long-Term Contract, Remote (Europe) Lisboa

Role Overview

You will serve as the bridge between development, operations, and security, building, deploying, and maintaining infrastructure & pipelines that comply with NATO / BQA security standards. You will lead security automation, enforce compliance, and partner with architects and engineers to embed security deeply in all systems.

Key Responsibilities

• Design, implement, and maintain secure CI/CD pipelines and infrastructure
• Integrate security controls, scans, and audits into build and deployment workflows
• Automate compliance checks, vulnerability scanning, and remediation workflows
• Develop Ia
  C (Infrastructure as Code) templates and modules with secure defaults
• Harden systems, environments, and services to meet strict security standards
• Monitor, respond to, and analyze security incidents in production
• Conduct threat modeling, security reviews, and risk assessments
• Document security architecture, processes, and incident analyses
• Interact with external auditors, compliance teams, and stakeholders

Mandatory Requirements (any shortfall = disqualification)

1. Domain / Security Experience
   • Minimum 5+ years working in Dev
     Sec
     Ops, infrastructure security, or cloud security in regulated, defense, or government environments
   • Prior exposure to NATO / defense / BQA / similar
     - security domain
2. Cloud & Infrastructure Expertise
   • Proven
     - on experience with one or more major cloud platforms (AWS, Azure, GCP)
   • Deep knowledge of VPCs, networking, IAM, security groups, and
     - trust fundamentals
   • Experience with container orchestration (Kubernetes), serverless, and microservices
3. CI/CD, Automation & Tooling
   • Mastery of CI/CD tools (Jenkins, Git
     Lab CI, Git
     Hub Actions, etc. )
   • Skilled in building secure pipelines with automation, testing, rollback, and artifact control
   • Infrastructure as Code (Terraform, Cloud
     Formation, Ansible, etc. )
4. Security, Threat Modeling & Hardening
   • Expertise in secure design patterns, encryption, identity & access management, key management
   • Experience with vulnerability scanning (SAST, DAST), code scanning tools, security orchestration
   • Ability to perform threat modeling, risk assessments, and penetration test integration
5. Incident Response & Monitoring
   • Experience establishing and running security monitoring, SIEMs, log management, alerting
   • Incident response, forensics, root cause analysis
6. Process Rigor & Compliance
   • Familiarity with compliance standards (e. g. ISO 27001, NIST, Do
     D, etc. )
   • Ability to work under strict change control, audit, and documentation regimes
   • Strong discipline in versioning, approvals, rollback procedures, backups
7. Soft Skills & Communication
   • Excellent English (VERBAL + WRITTEN)
   • Ability to explain complex security issues to
     - technical stakeholders
   • High attention to detail, accountability, reliability
8. Logistics & Eligibility
   • Based in Europe, able to engage under contract legally
   • Willing to undergo security / background checks as required by defense clients

Preferred (Not Mandatory)

• Direct experience with NATO / BQA security projects
• Certifications such as CISSP, CISM, AWS / Azure Security, etc.
• Hands-on experience with
  - time systems, classified environments
• Experience with hardware, embedded systems, or
  - level security

What We Offer

• Competitive contract (remote, European)
• Long-term stable engagement
• Work at the forefront of secure systems, infrastructure, and defense
• High standards, professional environment, opportunities for impact

Application Instructions

• Your CV / resume, clearly highlighting Dev
  Sec
  Ops, security, and defense/regulatory experience
• Cover letter addressing how you meet each mandatory requirement
• Details or links for past projects in secure / regulated infrastructure contexts
• References or contacts able to speak to your performance in security / regulated roles

Note: Applications that do not clearly and specifically demonstrate your fit across all mandatory fields will not be considered. Please only apply if you fully meet the bar.