LOCATION: BUCHAREST

Location Qualifications: hybrid, 2 days in the office
Position Overview:
Reporting to the Engineering Manager, the L2 SecOps Engineer will assist in advancing security measures in cloud-native environments and driving automation within security processes. This role offers an opportunity to deepen your expertise in modern SecOps practices while contributing to the security of Showpad’s infrastructure, products, and operations.

REQUIREMENTS:

• Relevant experience in information security, with exposure to security operations or application security.
• Hands-on experience with cloud platforms (preferably AWS), container technologies (e.g., Docker, Kubernetes), and securing microservices architectures.
• Familiarity with security tools and techniques for vulnerability management (e.g., SAST, DAST, SCA).
• Good scripting or development skills for automating tasks (e.g., in Python, TypeScript, or similar languages).
• Understanding of incident response principles and ability to handle security incidents efficiently.
• Solid understanding of web application security principles and frameworks.
• Working knowledge of compliance frameworks (e.g., GDPR, ISO 27001, SOC 2) and their relevance to security.
• Awareness of phishing and social engineering mitigation strategies.
• Strong English communication skills to effectively explain security concepts to diverse audiences.

• Collaborate with teams to ensure security best practices are integrated into application, hardware, and cloud infrastructure.
• Support the implementation and enhancement of CI/CD pipelines with security and quality tooling.
• Assist in managing the CNAPP (Cloud-Native Application Protection Platform) solution.
• Monitor and respond to security events involving vulnerabilities, endpoints, user behavior analytics, firewalls, IDS/IPS, and external threat intelligence.
• Conduct vulnerability management activities, including coordination with bug bounty programs and external penetration tests.
• Contribute to security automation within development workflows and infrastructure monitoring.
• Assist in security posture management of cloud environments (e.g., AWS), including securing containerized and serverless workloads.
• Help teams adopt best practices in the Secure Software Development Life Cycle (SSDLC).
• Participate in risk assessments, implement mitigation strategies, and ensure adherence to security policies.
• Performs other duties as assigned by immediate supervisor or management team.