ITDS Portugal

ITDS is a leader in outsourcing IT engineers and works with various web and mobile technologies for over 30 global clients. It has been recognized as one of the 1000 fastest-growing companies in Europe for three consecutive years, as a Great Place to Work, and with the Forbes Diamond award in 2023. ITDS currently has more than 600 IT professionals working in Portugal, Poland, and the Netherlands.

Senior DevOps Security & SBOM Obsolescence

On-site

Location: Lisbon

Date: June 23, 2026

Turn CI/CD into a security powerhouse—make SBOM obsolescence a solved problem.

Lisbon-based opportunity with remote work (up to 2 days per week on-site).

As a Senior DevOps Security & SBOM Obsolescence, you will be working for our client in an environment where industrial-grade CI/CD and security-by-design are essential. You will help build and maintain secure automation pipelines, analyze software supply chain risks from SBOMs, and support standardization across multiple projects—so teams can ship faster with confidence, even without direct access to application source code.

Your main responsibilities:

  • Design, implement, and maintain industrial CI/CD pipelines across multiple projects using tools such as GitLab CI, Azure DevOps, Jenkins, or equivalent.
  • Integrate security controls into CI/CD workflows to strengthen the software delivery lifecycle.
  • Manage dependencies and repositories (e.g., Artifactory or equivalent), ensuring reliable artifact handling and traceability.
  • Apply SBOM-based analysis to identify library obsolescence and end-of-life (EOL) risks.
  • Work with SBOM data (CycloneDX, SPDX, etc.) to evaluate risks even when application source code is not directly available.
  • Perform Open Source vulnerability analysis by mapping findings to CVEs and transitive dependencies.
  • Use security scanning tooling such as JFrog Xray (or similar) to support vulnerability and compliance checks.
  • Collaborate effectively across Development, Security, Software Factory, and Management to drive standardization and industrialization.

You're ideal for this role if you have:

  • 4+ years of experience in DevOps and CI/CD, with strong hands-on expertise in building and maintaining industrial pipelines.
  • Strong CI/CD experience with GitLab CI, Azure DevOps, Jenkins, or equivalent.
  • Solid knowledge of dependency management and repository/artifact solutions such as Artifactory (or equivalent).
  • Hands-on experience integrating security controls into CI/CD pipelines.
  • Good knowledge and/or practical experience with SBOM standards and formats (CycloneDX, SPDX, etc.).
  • Experience with JFrog Xray or similar security scanning tools.
  • Ability to analyze Open Source vulnerabilities (CVE mapping and transitive dependency risk).
  • Experience working from SBOMs without direct access to application source code.

It is a strong plus if you have:

  • Interest in automation, agent-based approaches, or GitHub Copilot to accelerate security and SBOM workflows.
  • Contribution to standards or development methodologies.
  • French B2 (nice to have).

Language required for the role:

  • English (Communicative / B2 – working proficiency).

Eligibility for the role:

  • Only candidates with an existing legal right to work in Europe will be considered for this role.

#MAKEYourCareerBETTER

  • Interested? Apply now and include your CV (preferably in English) along with a statement confirming your consent to the processing and storage of your personal data.

https://itdsportugal.com/en/it-jobs/9420/?utm_source=itjobs
