Responsibilities
- Collaborate closely with Development teams to integrate security controls throughout the Software Development Life Cycle (SDLC) and Software Supply Chain.
- Embed secure coding and threat modeling into the development process by integrating and operating security tools throughout CI/CD pipelines (SAST, DAST, SCA, IaC Scanning, IAST, Container Scanning, etc.).
- Improve and maintain CI/CD security posture, including secure dependency management practices.
- Contribute to securing container ecosystems, including:
  - Secure container image creation and vulnerability remediation
  - Image signing and verification
  - Policy management
  - Secrets management, and Git security
- Develop tools and automation scripts to support repeatable application security tasks.
- Discover and maintain an inventory of web application assets and perform periodic security scanning.
Expected Qualifications
- Agile-minded team player with strong collaboration skills.
- Strong eagerness for self-improvement; open-minded, proactive, and future-oriented.
- Knowledge of industry standards and frameworks, including:
  - OWASP Top 10
  - OWASP ASVS
  - OWASP Top 10 CI/CD
  - OWASP Top 10 Kubernetes
- Hands-on experience with Secure SDLC practices, including:
  - Secure coding education and enablement
  - CI/CD security tool integration (SAST, SCA, IaC, IAST, ASO, Container Scanning, etc.)
  - Threat modeling methodologies
- Solid understanding of Software Supply Chain Security, including:
  - Dependency management
  - CI/CD posture security
- Technical knowledge of containerization, orchestration platforms, and cloud security concepts, such as:
  - Building vulnerability-free container images
  - Image signing and verification
  - Policy management
- Software development experience focused on building maintainable and scalable applications, using languages such as Go or Python.
- Developing Application Security services that serve the entire Trendyol developer ecosystem.
- Engineering scalable, modern, and production-ready applications, moving beyond basic automation and simple scripts.
- Using modern development workflows to effectively collaborate and "speak the same language" with software engineers.
- Ability to assess vulnerability risks and provide effective remediation recommendations.
What We Do
We were founded in 2010 with a dynamic and agile start-up spirit. Since then, we have grown into a decacorn, backed by Alibaba, General Atlantic, Softbank, Princeville Capital, and several sovereign wealth funds. We believe that technology is the driver; e-commerce is the outcome. Thanks to our dedicated team, we are one of the top five e-commerce companies in EMEA and one of the fastest-growing e-commerce companies in the world! We deliver more than 1.5 million packages every day across 27 countries. We offer our 30 million customers a flawless shopping experience. Dreaming big is in our DNA: We're gearing up to be the leading global e-commerce platform. As a dynamic and passionate company, we are constantly growing with Trendyol Tech, one of the top R&D centres; Trendyol Express, the fastest growing delivery network; Dolap, the largest second-hand goods platform; and Trendyol Go, our instant food and grocery delivery service. And we’re not done yet! Now, we are on a journey to expand the positive impact we create to international markets. We opened our first international office in Berlin in May 2022, Amsterdam followed in October 2022, and many others are on the way.







