Senior DevSecOps Engineer
Ho Chi Minh City, VN, 700000 Hanoi, VN, 10000
What do we do?
As a pioneer for digital transformation, GFT develops sustainable solutions across new technologies – from cloud engineering and artificial intelligence to blockchain/DLT. With its deep technological expertise, strong partnerships, and comprehensive market know-how, GFT offers advice to the financial and insurance sectors, as well as the manufacturing industry. Through the intelligent use of IT solutions, GFT increases productivity and creates added value for clients. Companies gain easy and safe access to scalable IT applications and innovative business models.
Who are we?
Having started in Germany in 1987, GFT Technologies has grown to become a trusted Software Engineering and Consulting specialist for the international financial industry, counting many of the world’s largest and best-known banks as our clients. We are an organization that empowers you to not only explore but also raise your potential and seek out opportunities that add value. At GFT, diversity, equality, and inclusion are at the core of who we are. Ensuring a diverse and inclusive working environment for all communities is one of the main pillars of our diversity strategy, based on our core values and culture. We have been certified for 2022/23 as a ‘Great Place to Work’ in the APAC region. So, if you want to have the opportunity to work with an outstanding and progressive organization, this position could be right for you.
Role Summary
We are seeking an experienced and passionate Senior DevSecOps Engineer for the Service Operations team as we continue to grow our Operations-as-a-Service for our prime client.
Key Responsibilities
- Conduct manual and automated secure source code reviews in platforms such as Kotlin, Node.js, Android, iOS, and Python.
- Perform mobile application penetration testing to identify and remediate vulnerabilities in Android and iOS apps.
- Perform penetration testing on APIs, GraphQLs, and web interfaces to uncover and mitigate risks.
- Conduct threat modelling and establish threat profiles to identify, quantify, and mitigate application security risks.
- Collaborate with development, infrastructure, and networking teams to deliver secure application solutions.
- Review and secure mobile and web APIs (REST, SOAP), ensuring proper SSL/TLS implementation.
- Integrate security testing into CI/CD pipelines using tools such as GitHub Actions.
- Use SAST/SCA/DAST tools to identify and remediate vulnerabilities.
- Apply industry best practices including OWASP Top 10 for web, mobile, APIs, and OWASP ASVS.
- Contribute to the development and enforcement of internal application security standards and policies.
- Stay current with emerging threats, vulnerabilities, and security technologies, including AI-related security risks and defences.
- Perform and automate BAU application security, offensive security, and vulnerability management tasks.
Required Qualifications
- At least 8 years of experience in software development, application security, and cloud platforms (AWS, Azure, GCP).
- Hands-on experience in mobile, web, and API penetration testing using tools such as Burp Suite, MobSF, Frida, etc.
- Proficiency in at least one programming language (e.g., Java, Kotlin, JavaScript, Python) and scripting (e.g., Bash, PowerShell).
- Strong understanding of secure coding practices and code review methodologies.
- Experience with threat modelling frameworks (e.g., STRIDE, DREAD).
- Familiarity with Agile and DevOps environments.
- Experience with SAST/SCA/DAST tools and integrating them into CI/CD workflows.
- Solid grasp of API security and cryptographic protocols.
- Knowledge of OWASP standards and secure SDLC practices.
Preferred Qualifications
- Experience with AI/ML application security (prompt injection, model abuse, red teaming).
- Certifications such as OSCP, CSSLP, AWS/Azure Security Engineer Associate, or equivalent.
- Experience with container security and infrastructure-as-code scanning.
Note: Due to the high volume of applications we receive, we are unable to respond to every candidate individually. If you have not received a response from GFT regarding your application within 10 workdays, please consider that we have decided to proceed with other candidates. We truly appreciate your interest in GFT and thank you for your understanding.