DevSecOps, Automation & Innovation Engineer | IT CIB
Indexed description
As part of Groupe BPCE’s international division, Natixis in Portugal designs and delivers solutions for its two core areas – Corporate & Investment Banking and Asset & Wealth Management – as well as transversal services that support all entities across the Group.
With more than 3,000 employees representing 46 nationalities, the teams work across Information Technology, Banking Support Activities, and Compliance, in an integrated, inclusive, and cross-functional way, supporting all business lines and platforms of the Group.
A disruptive mindset and a culture of proximity and agility identify Natixis in Portugal Team and reflect the company's mission to transform traditional banking at a global scale: a perfect match in the Portuguese dynamics and entrepreneurial ecosystem.
Job Description
We are seeking an Automation & Innovation Engineer to join the IT Transversal (IT TRV) Innovation & Development team — a forward-looking role driving automation transformation and continuous innovation of CIB's development and deployment ecosystem.
Key Responsibility Areas
- Automation Transformation Leadership
- Design and implement comprehensive CI/CD pipeline automation across CIB
- Automate infrastructure provisioning through Infrastructure-as-Code principles and tooling
- Establish GitOps principles for configuration management and deployment
- Automate security validation, compliance checks, and dependency scanning
- Drive adoption of containerization (Docker) and orchestration (Kubernetes/OpenShift)
- Create self-healing infrastructure that requires minimal human intervention
- Eliminate manual security reviews through automated security gates
- Innovation Leadership & Technology Prototyping
- Lead innovation lab activities — prototype and validate emerging automation technologies (service mesh, policy-as-code, advanced observability, GitOps tools)
- Conduct technology watch on DevOps, security automation, and AI4DevOps trends
- Create proof-of-concept implementations for cutting-edge tools/frameworks
- De-risk adoption of emerging technologies before enterprise-wide rollout
- Transfer innovations and c ompetencies to Development Squad and Business IT teams (IT TRV, IT GMT, IT GBCR)
- Establish automation excellence center standards and best practices
- Present findings and recommendations to CIB CIO community
- Self-Service Platform Engineering
- Design and maintain internal platform (CI/CD, IaC, observability, security scanning)
- Create Platform-as-a-Service (PaaS) abstractions hiding infrastructure complexity
- Enable developers to deploy code securely without manual security reviews
- Establish platform as reusable asset available to IT Transversal, GMT, and GBCR teams
- Build self-service capabilities (provisioning, deployments, rollbacks)
- Document and evangelize platform usage through training and community building
- Developer Experience & Productivity Innovation
- Measure "developer toil" — manual, repetitive work slowing down delivery
- Enable fast feedback loops — deployment feedback in seconds, not hours
- Design frictionless onboarding — new team members productive in days
- Build tools that feel like "magic" — developers don't need to understand infrastructure
- Conduct regular feedback sessions with development teams to identify pain points
- Velocity Metrics & Continuous Improvement
Lead time for changes Reduce from weeks to days/hours
Time-to-recovery (MTTR) Reduce by 50%+
Change failure rate Reduce failed deployments
Automation Coverage Targets
Area Target
Infrastructure-as-Code coverage 100%
Security validation automation 90%+
Testing automation 95%+
Self-service deployment adoption 90%+
- AI4DevOps Innovation & Intelligent Automation
- Design and deploy AI agents for infrastructure provisioning, deployment automation, and incident remediation
- Establish AI Agent Governance frameworks:
- Define permission systems and privilege boundaries for AI agents
- Implement containment strategies ensuring safe agent operation in production
- Establish audit trails and decision logging for agent actions
- Implement AI-driven threat modeling and proactive security:
- Leverage LLMs for threat modeling and adversary behavior anticipation
- Move from reactive compliance to proactive security hardening
- Build observability and tracing for AI agents (causal graph tracing, confidence metrics)
- Design data governance policies for AI agents (prevent data exfiltration, implement redaction)
- Develop "agent-ready" infrastructure code (idempotent, predictable, safe for AI consumption)
- Establish hybrid human-AI workflows with clear escalation paths
- Bachelor's degree in Computer Science, Engineering, or equivalent experience
- 5+ years in DevOps, Infrastructure Engineering, SRE, or related roles
- 3+ years driving innovation, prototyping technologies, or leading architectural improvements
- Proven track record of reducing manual toil and improving team velocity
- Familiarity with financial services or regulated industries preferred
- Expert-level Infrastructure-as-Code principles and practices (tool-agnostic)
- Strong CI/CD expertise: Jenkins, GitLab CI, GitHub Actions
- Deep containerization (Docker) and orchestration (Kubernetes, OpenShift)
- Linux/Unix system administration (RHEL, CentOS, Ubuntu)
- Git mastery (GitFlow, branching strategies)
- Cloud platform experience (AWS, Azure, GCP)
- Application security principles (OWASP Top 10)
- Security scanning automation: SAST/DAST (SonarQube, Checkmarx, ZAP)
- Container security scanning (Trivy, Aqua)
- Secrets management (HashiCorp Vault, AWS Secrets Manager)
- Compliance frameworks (PCI-DSS, GDPR, SOX)
- Security policy-as-code (OPA, Kyverno)
- Understanding of AI agents and LLM applications in operations
- Familiarity with prompt engineering and LLM-based tooling
- Conceptual knowledge of agent governance, permission systems, and sandboxing
- Exposure to AI agent frameworks (LangChain, AutoGen)
- Understanding of hybrid human-AI workflow design
- Prometheus, Grafana, ELK Stack, Datadog
- Centralized logging (ELK, Splunk, CloudWatch)
- APM and distributed tracing (Jaeger, DataDog, New Relic)
- Proficiency in Python, Go, Java, or Bash
- REST APIs, microservices, event-driven systems
- Software design principles and testing strategies
- Innovation mindset — prototyping, experimentation, "failing fast"
- Entrepreneurial drive — ownership, bias toward action
- Communication — technical and non-technical stakeholders
- Collaboration — across Development, Security, and Operations
- Teaching mindset — mentoring teams on automation best practices
- Continuous learning — staying current with emerging technologies
- Open-source contribution or community involvement
- Service mesh experience (Istio, Linkerd)
- GitOps platform experience (ArgoCD, Flux)
- Incident response and postmortem facilitation
- Deployment frequency: weekly → daily or multiple-times-daily
- Lead time for changes: weeks → days/hours
- MTTR: reduce by 50%+
- Change failure rate: reduce failed deployments and rollbacks
- Infrastructure-as-Code: 100% defined in code
- Security scanning: 90%+ automated
- Testing: 95%+ executed automatically
- Deployments: 90%+ via automated pipelines
- Developer adoption: 80%+ of CIB developers using self-service platform
- Self-service deployments: 80%+ of production deployments
- Developer toil reduction: 20%+ in manual tasks
- Developer satisfaction: 80%+ satisfaction score
- Technologies prototyped: 2-3 per year
- Prototype-to-production rate: 60%+ within 18 months
- Regular innovation updates to CIB CIO community
- AI agent governance framework: established and documented
- AI-driven infrastructure changes: 30%+
- Agent success rate: 95%+ reliability
- Proactive threat detection via LLM-based modeling
Our workplace reflects the vibrant spirit of our locations, with initiatives such as a Green Transportation Budget, electric bikes and a flexible Hybrid Work Policy. We promote wellbeing through the Honolulu Wellness Club, a Prayer Room, a Lactation Room, and themed Villages that inspire creativity and collaboration. Through our ESG and DEI strategies, we are committed to being inclusive, caring, and fair, ensuring every voice is heard and valued.
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search