DevSecOps Engineer
Recruiter
Listed on
Location
Salary/Rate
Type
Start Date
This job has now expired please search on the home page to find live IT Jobs.
Job DescriptionAs a DevSecOps Engineer, you will work closely with IT and engineering teams on a day-to-day basis to ensure applications and products have been developed and deployed securely. There will be a constant need for you to get hands-on to identify or help resolve issues whilst looking at ways to drive automation and consistency in adopting a mature approach to security. Reporting to the Head of Product Security, this hands-on technical role will be working on a range of security projects and activities. You will be directly influencing the security posture of many applications and products across the company to ensure that security plays a key part in the development and engineering life cycles.
Role & ResponsibilitiesAct as one of the central points of contact with the business with regards to the secure software development life cycle of applications and products.Work with key stakeholders to ensure that security is built into the design of applications and products across the business. Drive the adoption of DevSecOps throughout the company. Integrate and maintain key security controls and technologies for the Security team in order to support DevSecOps. Deliver security automation at scale throughout the company to ensure high speed, automated security testing throughout the delivery pipeline.Analyse applications and products to identify key security risks, and recommend and drive security improvements using a risk based approach. Drive Threat Modelling throughout the engineering teams.Support vulnerability assessments and security testing. Actively work with engineers to remediate vulnerabilities, where appropriate writing the fixes yourself.Support the Security Risk Management function on security policies and standards, security audits, vulnerability compliance, and risk management.Work on the product security engagement plan, to educate engineers by scaling up security champions, implementing a framework for security best practice, threat modelling, and security input into design reviews.
Skills & QualificationsMinimum 4 years working as a DevSecOps Engineer with further hands on experience in security (Such as application security).Bachelor's degree in computer science or equivalent practical experience.Security certifications such as CISSP, CEH, SANS, CREST, OCSP, etc.Highly experienced at securing Cloud native web applications, mobile applications, infrastructure, etc. and supporting frameworks across e.g. OWASP Top 10.Writes code (e.g, Python, Go, NodeJS, Rust, Swift / Kotlin ) and builds tools and integrations.Experience with Security tools such asCheckmarx, Snyk, Cloudflare, AWS GuardDuty, AWS Inspector, Crowdstrike, etc. Extensive experience with version control and CI/CD pipeline ( gitlab, GitHub, CircleCI, bitrise ).Worked on s-SDLC in a large enterprise organisation(s).Broad knowledge of the security technologies and capabilities used in an enterprise, particularly in a high growth, cloud based environment. Extensive experience with cloud security such as AWS, Kubernetes, Docker, Registries, containers, etc
