• Integrate security at every phase of the software development lifecycle. • Collaborate with engineering and product teams in Agile/Scrum environments to prioritize, track, and remediate security issues during sprint cycles. • Develop and maintain threat models and perform design reviews. • Lead threat modeling sessions and conduct in-depth security architecture reviews. • Educate development teams on secure coding practices. • Actively support the organization’s secure software development lifecycle (SDLC) initiatives by integrating security controls, processes, and testing into development workflows and CI/CD pipelines. • Integrate security testing tools (SAST, DAST, SCA, IaC scanning) into CI/CD pipelines. • Perform and manage vulnerability assessments, code reviews, and penetration testing. • Secure containerized environments (Docker, Kubernetes). • Ensure cloud infrastructure security (AWS/GCP/Azure) using infrastructure-as-code (IaC) tools like Terraform or CloudFormation. • Support documentation and evidence collection for SOC 2 Type II audits and HIPAA security risk assessments.

At IRIUM we want you to always chase your dreams. Here, prepare yourself to conquer your goals, while enjoying the journey. We are currently looking for. Java Developer Requirements: Java 17 + Spring Boot + EJB (Enterprise Java Beans) Elasticsearch MySql Wildfly server Mule Git Lab (Repository) Docker Keyclock Maven Location: Portugal, Remote What do we offer? ➡ An innovative and growing company, with a lot of opportunities for professional development. ➡ Retribution according to your experience and performance. Access to flexible pay and medical insurance as a social benefit. ➡ Unlimited access to technological training in free mode. IRIUM is a company with dynamic and proactive professionals. Our values are responsibility and commitment to work quality. This is the spirit we are looking for at IRIUM, whatever your age is. If you recognize yourself in this, this is your company! We can build the future together. Let’s talk! Send your CV to: recrutamento@irium.pt At IRIUM we defend a world without stereotypes or limitations and we believe in equality for all, principles that we subscribe to in our Equality Plan and Code of Ethics, guaranteeing equal treatment and opportunities regardless of any personal, physical or social condition.

• Design, build, and maintain end-to-end CI/CD pipelines in GitLab, with a strong focus on SAP platforms. • Develop, standardize, and document reusable CI/CD pipeline templates and components. • Automate manual deployment, release, and remediation processes. • Implement and support DevSecOps best practices, including security, quality, and compliance checks within pipelines. • Collaborate closely with infrastructure, security, and application teams to support on-prem (VMware) and cloud (GCP / Kubernetes) environments. • Contribute to the definition and adoption of DevOps standards and best practices across the organization. • Support knowledge sharing and technical guidance within the DevOps team.

Role Description You will be the single person responsible for the security of a platform that tracks hundreds of millions in digital assets. That is the job. Everything else is secondary. We need someone who breaks things for a living. Someone who looks at a login page and sees six attack vectors. Someone who reads a pull request and catches the injection vulnerability that two senior developers missed. Someone who lies awake thinking about the phishing campaign that hasn't been invented yet. If that sounds exhausting, this is not your role. If that sounds like Tuesday, keep reading. Your primary responsibilities are security and quality assurance: - Own penetration testing, vulnerability assessments, threat modeling, automated test frameworks, and CI quality gates across every product we ship. - Own infrastructure: AWS, CI/CD pipelines, monitoring, and incident response. - Write production code when security and QA responsibilities are covered. Qualifications - 5+ years in software engineering roles with meaningful, hands-on security and QA experience. - Fullstack development experience: you can build and ship features across frontend (React or equivalent) and backend (Node.js, Python, Go, or equivalent). - Hands-on penetration testing and vulnerability assessment experience across web applications, APIs, and cloud infrastructure. - Strong working knowledge of OWASP standards, including the OWASP Top 10, OWASP Testing Guide, and OWASP secure coding practices. - Experience building automated test frameworks and integrating testing into CI/CD pipelines. - AWS expertise (EC2, ECS/EKS, Lambda, VPC, IAM, S3, RDS, CloudFront, WAF). - Infrastructure as Code experience (Terraform, CloudFormation, or Pulumi). - Container technologies: Docker and Kubernetes in production environments. - Scripting and automation proficiency in Bash and Python. - Experience with secrets management tools (HashiCorp Vault, AWS Secrets Manager, or similar). - Familiarity with security and testing tools (Burp Suite, OWASP ZAP, Selenium, Cypress, Jest, Postman, or equivalent). - Strong communication skills: you can explain security risks and quality tradeoffs clearly to non-technical stakeholders. Requirements - Conduct regular penetration testing, vulnerability assessments, and threat modeling aligned with OWASP standards and methodologies. - Ensure full coverage of the OWASP Top 10 in application security testing, code reviews, and deployment checks. - Perform security-focused code reviews across frontend, backend, and infrastructure code. - Implement and manage secrets management, access controls, and least-privilege policies. - Build and maintain incident response playbooks. - Stay ahead of Web3 and crypto-specific attack vectors. - Manage and coordinate external security audits and penetration tests from third-party firms. - Design and implement test strategies across all products. - Build and maintain automated testing frameworks and CI quality gates. - Define and track quality metrics. - Write and execute security test cases. - Perform both white-box and black-box testing. - Test across the full stack. - Maintain and improve cloud infrastructure on AWS using Infrastructure as Code. - Own CI/CD pipelines. - Harden infrastructure. - Build logging, monitoring, and alerting across all services. - Ensure audit trails for user actions, system changes, and access events. - Manage production reliability, incident response, and cost optimization. - Contribute production code across frontend and backend. - Participate in architecture discussions and code reviews. Benefits - Competitive salary + performance-based incentives tied to retention & LTV improvement. - Direct exposure to founders. - Team Offsites. - Remote work. - High ownership, high-impact role.