
DevSecOps Engineer

TOULOUSE, 31
18 days ago

DevSecOps Engineer - Cybersecurity / Supply Chain Security / SBOM / Vulnerability Management

Neotrust is a cybersecurity innovation company helping CISOs, CIOs and CTOs run their security transformation across Europe and North America. On behalf of one of our flagship clients - a major European actor in the space and critical‑infrastructure sector - we are looking for a confirmed DevSecOps Engineer to help build a next‑generation cybersecurity platform protecting strategic European programs.

This is a deeply technical, R&D‑style mission: design, build and operate a modern cybersecurity ecosystem that combines COTS tooling, custom automation, APIs, dashboards, threat intelligence and AI‑powered capabilities. A showcase project for sovereign European cyber operations – the kind of place where what you ship actually defends critical assets.

WHAT YOU WILL DO

  • Design and maintain advanced security stages in GitLab CI pipelines.
  • Implement security gates with configurable thresholds and build‑failure decision logic.
  • Manage false positives and drive vulnerability lifecycle workflows in the pipeline.
  • Automate code signing, attestations and provenance with cosign, in‑toto predicates, OCI registries.

Software Supply Chain Security

  • Build and harden the supply chain following SLSA principles.
  • Automate dependency upgrades (Renovate) and integrate scoring (OpenSSF Scorecard).
  • Generate, merge, normalize and enrich SBOMs in CycloneDX (PURL, CPE).
  • Operate continuous dependency tracking with Dependency-Track.

Vulnerability Management

  • Aggregate, deduplicate and prioritize vulnerabilities across multiple sources.
  • Work with CVSS, EPSS, VEX and the full vulnerability lifecycle.
  • Integrate and orchestrate vulnerability management platforms (e.g., Hackuity).
  • Drive remediation planning and false‑positive handling.
  • Build CTI workflows with MISP, OpenCTI, STIX and TAXII.
  • Map threats and findings using MITRE ATT&CK, CAPEC, D3FEND, Cyber Kill Chain.
  • Support integration with pentest, red‑team and Breach & Attack Simulation tooling.

Automation & Scripting

  • Develop Python automation for security workflows, data normalization and aggregation.
  • Migrate existing PowerShell scripts to Python.
  • Consume and orchestrate REST APIs across the security stack.

WHAT WE ARE LOOKING FOR

  • 5 years in DevSecOps, SecOps or cybersecurity automation.
  • Supply chain: SLSA, cosign, in‑toto, OCI registries, OpenSSF Scorecard, Renovate.
  • SBOM: CycloneDX, Dependency‑Track, PURL, CPE, BOM merge / enrichment.
  • VulnMgmt: CVSS, EPSS, VEX, Hackuity or equivalent.

NICE TO HAVE

  • EBIOS RM, Egerie, Cyberwatch.
  • SOC engineering, Sigma rules, SIEM, NIDS.
  • Grafana dashboards, GitLab Security features.
  • AI‑assisted security (remediation, investigation, rule generation).

LOCATION & CONSTRAINTS

  • Hybrid – Toulouse strongly preferred. Remote candidates considered if able to come onsite ~1 week / month.
  • Compatibility with French Eyes Only export constraints.
  • Only profiles compatible with French and EU accreditation requirements will be considered.

WHY JOIN US

  • Flagship European cybersecurity program, strategic infrastructure.
  • Modern, deeply technical stack – supply chain, SBOM, CTI, AI‑assisted security.
  • Real autonomy in a small senior SAFe agile team of cyber, infra and AI specialists.
  • Long‑term contract with clear deliverables and visible impact.
  • Competitive daily rate, commensurate with experience.
Company
Neotrust
Publishing platform
WHATJOBS