AppSec - DevSecOps Engineer

Istanbul (All)
Engineering, Technology & Product – Tech Security
Ready to learn more about us?
We were founded in 2010 with a dynamic and agile start-up spirit. The trust of around 30 million customers and 250,000 sellers has made us the first decacorn in Turkey. Our success is backed by renowned investors such as Alibaba, General Atlantic, Softbank, Princeville Capital and several sovereign wealth funds. In 2022, we opened our first dedicated international office in Berlin and expanded to Amsterdam, Luxembourg and London. And that's just the beginning!

Tech at the root
We believe that technology is the driver and e-commerce is the outcome. Thanks to the dedication of our team, we have become one of the top 5 e-commerce companies in EMEA and one of the fastest growing worldwide. We currently deliver over 1.5 million parcels daily to 27 countries.

Growth is in our DNA
As a young and dynamic company, we are constantly growing and expanding. With Trendyol Tech, one of the leading R&D centres, Trendyol Express, the fastest growing delivery network, Dolap, the largest platform for second-hand goods, and Trendyol Go, our instant food and grocery delivery service, we are gearing up to become the world's leading e-commerce platform.

Focused on positive impact
Our vision goes beyond business success. We strive to make a sustainable and positive impact on our customers, business partners, and society. By digitizing merchants and SMEs, helping businesses grow, and promoting women's economic empowerment, we are dedicated to creating a better future.

If you are a techie, you belong in our Technology Team that builds scalable, high-performance platforms for our customers using up-to-date and efficient technologies.

We are all working with the same purpose: To create a positive impact in our ecosystem by enabling commerce through technology.

Your Main Responsibilities

    • Collaborate with the Development and DevOps teams to implement security controls in the SDLC (Software Development Life Cycle) and Software Supply Chain
    • Secure Coding Development, Threat Modelling, Security Tool Management in CI/CD (SAST, DAST, SCA, IaC, CS, ASO, IAST, etc.), CI/CD Posture Security, Dependency Management, etc.
    • Collaborate with the DevOps team to implement security best practices in container, Kubernetes and cloud environments
    • Secure Container Images, Container Orchestration Policy Management, Mesh, Vault, Git etc.
    • Develop tools/scripts for repeatable application security tasks
    • Discover web application assets and scan them periodically
    • Community contribution like developing tools, finding vulnerabilities on public projects, etc.

Qualities We Are Looking For

    • Being an agile-minded team player
    • Eagerness for self-improvement, open-minded, future-oriented
    • Knowledge of the following: OWASP TOP 10 K8S, OWASP TOP 10 CI/CD, OWASP TOP 10 and OWASP ASVS
    • Technical Knowledge of the following Secure SDLC practices and their execution: Secure Coding Education, Security Tool Integration in CI/CD (like SAST, SCA, IaC, IAST, ASO, CS), Threat Modelling, etc.
    • Technical Knowledge of Software Supply Chain Security concept and requirements: Dependency Management, CI/CD Posture Security, etc.
    • Technical Knowledge of container, container orchestration platforms and common cloud technologies: Preparation of Vulnerability-Free Container Images, Image Signing, Kubernetes Policy Management, CNAPP, GitOps etc.
    • Development experience for repeatable tasks with any popular language: Go, Python, Bash, etc.
    • Technical understanding of vulnerability risks & remediations

* Take responsibility from day one and develop your skills with a talented and diverse international team.
* Experience open communication, flexibility, and a start-up spirit in our unique culture.
* Tackle big challenges in e-commerce with Agile practices and encourage growth by learning from mistakes.
* Join creative and focused teams that prioritize collaboration and problem-solving.
* Access our extensive training platform for continuous learning and personal growth.
* Benefit from the support of a global team of experts with mentoring and professional development opportunities.
* Focus on talent and potential, not just job titles.
* Connect with teammates regardless of physical distance through events, meetings, and social activities.
* Enjoy competitive benefits such as Trendyol shopping budget, central and international office locations, and top-of-the-line technical equipment.

We're looking forward to receiving your application!

We embrace a hybrid working model that seamlessly blends the best of both worlds: remote productivity and the collaborative energy of our vibrant offices. Once every month, we gather at our offices to work side by side, fostering in-person communication and embracing the camaraderie that fuels our team spirit. These sessions are crucial for teamwork in solving complex issues, socializing, learning from each other, and experiencing our culture.

Each division has a pre-set optional office day each week. Based on our preferences, we come together at our offices at our discretion as an opportunity to feel more team spirit, immerse ourselves in our culture, and familiarize ourselves with our ways of working.

We offer the opportunity for a two-month fully remote work program, allowing you to work from abroad during the summer period (July to August).

This working model applies to our hybrid job postings; on-site roles require being based in an office work environment.

Discover more about our #LifeatTrendyol and our culture on our Website, LinkedIn and YouTube channels.

At Trendyol, we believe in the power of an inclusive workplace. We value diversity and believe that every team member contributes to our vibrant culture. Our platform is for everyone, and so is our workplace. We encourage the representation and amplification of diverse voices in our business, as it allows us all to thrive, contribute, and shape the future together.