Trendyol Group

AppSec - DevSecOps Engineer

Reposted 9 Days Ago

Be an Early Applicant

2 Locations

Hybrid

Mid level

eCommerce

The Role

As an AppSec - DevSecOps Engineer, you will implement security in the software development lifecycle, collaborate with DevOps, manage security tools, and develop scripts for application security tasks.

Summary Generated by Built In

About the Team

At Trendyol Tech, our mission is to create a positive impact in our ecosystem by enabling commerce through technology.

We solve complex problems with data, creativity, and agility — always driven by real outcomes. With a culture built on learning, collaboration, and ownership, we grow together while building what’s next.

About the Role

As an Application Security Engineer, you'll be a vital part of our team, responsible for building security directly into our software development lifecycle. This role involves more than just finding vulnerabilities; you'll be a key partner to both our Development and DevOps teams, helping to implement robust security controls from code creation to deployment. You'll leverage your expertise in modern security tools, automation, and best practices to ensure our applications are secure and resilient.

Responsibilities

Collaborate with the Development and DevOps teams to implement security controls in the SDLC (Software Development Life Cycle) and Software Supply Chain
Secure Coding Development, Threat Modelling, Security Tool Management in CI/CD (SAST, DAST, SCA, IaC, CS, ASO, IAST, etc.), CI/CD Posture Security, Dependency Management, etc.
Collaborate with the DevOps team to implement security best practice on container, Kubernetes and cloud environment
Secure Container Images, Container Orchestration Policy Management, Mesh, Vault, Git etc.
Develop tools/scripts for repeatable application security task
Discovering web application assests and scanning periodically
Community contribution like developing tools, finding vulnerabilities on public projects, etc.

Expected Qualifications

Being an agile minded team player
Eagerness on self-improvement, open-minded, future-oriented
Knowledge of the following: OWASP TOP 10 K8S, OWASP TOP 10 CI/CD, OWASP TOP 10 and OWASP ASVS
Technical Knowledge of following Secure SDLC practices and execution: Secure Coding Educations, Security Tool Integration CI/CD(like SAST, SCA, IaC, IAST, ASO, CS), Threat Modelling, etc.
Technical Knowledge of Software Supply Chain Security concept and requirements: Dependency Management, CI/CD Posture Security, etc.
Technical Knowledge of container, container orchestration platforms and common cloud technologies: Preparation of Vulnerability-Free Container Images, Image Signing, Kubernetes Policy Management, CNAPP, GitOps etc.
Development experience for repeatable tasks with any popular language go, python, bash, etc.
Technical Knowledge of understanding vulnerability risks & remediations

What We Offer

- Hybrid working model with flexibility: a schedule that helps you find the right balance between flexibility and team bonding, including work-from-abroad opportunities and a summer working model.

- Customisable FlexBenefits budget: Adjust your daily meal allowance, choose your health insurance package (and extend it to your spouse or children), and pick from additional benefits like fuel support or Trendyol shopping credits.

- Well-being support: Access to location-based in-house doctors, as well as psychologist and dietitian support, and HPV vaccination provision.

- Personalised training allowance and learning opportunities: Use your annual budget for any training or conference of your choice, explore our Learning Management System (LMS) anytime, and join in-person learning sessions offered throughout the year.

- Responsibility from day one: Take full ownership from the start in a culture where every voice is heard and valued.

- A diverse, international team: Collaborate with global peers across our offices in Berlin, Amsterdam, Dubai, and beyond, in a startup-spirited and collaborative environment.

- Opportunities to grow with the best: Tackle meaningful challenges, develop through hands-on experience, and grow with the support of expert guidance and global mentoring.

- Meaningful connections beyond tasks: Be part of team rituals, events, and social activities that help us stay connected and inspired.

Take the Next Step

If this role excites you, apply today, we look forward to taking the next step with you.

Want to get to know the team better first? Explore our Career Website, LinkedIn, or YouTube to learn more about #LifeatTrendyol and how we work.

Top Skills

Aso

Bash

Ci/Cd

Dast

Iac

Iast

Kubernetes

Owasp

Python

Sast

Sca

View all jobs at Trendyol Group

View Trendyol Group Profile

Report Job

Am I A Good Fit?

beta

Get Personalized Job Insights.

Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.

The Company

10,653 Employees

Year Founded: 2010

What We Do

We were founded in 2010 with a dynamic and agile start-up spirit. Since then, we have grown into a decacorn, backed by Alibaba, General Atlantic, Softbank, Princeville Capital, and several sovereign wealth funds. We believe that technology is the driver; e-commerce is the outcome. Thanks to our dedicated team, we are one of the top five e-commerce companies in EMEA and one of the fastest-growing e-commerce companies in the world! We deliver more than 1.5 million packages every day across 27 countries. We offer our 30 million customers a flawless shopping experience. Dreaming big is in our DNA: We're gearing up to be the leading global e-commerce platform. As a dynamic and passionate company, we are constantly growing with Trendyol Tech, one of the top R&D centres; Trendyol Express, the fastest growing delivery network; Dolap, the largest second-hand goods platform; and Trendyol Go, our instant food and grocery delivery service. And we’re not done yet! Now, we are on a journey to expand the positive impact we create to international markets. We opened our first international office in Berlin in May 2022 and Amsterdam followed in October 2022 and may others are on the way.