DevSecOps Engineer (Data)

This job has now expired please search on the home page to find live IT Jobs.

At Kingfisher our customers come from all walks of life, and so, do we. We want to ensure that all colleagues, future colleagues, and applicants to Kingfisher are treated equally regardless of age, gender, marital or civil partnership status, colour, ethnic or national origin, culture, religious belief, philosophical belief, political opinion, disability, gender identity, gender expression or sexual orientation.

If you require any additional support or adjustments to help you make an application, please contact us.

We advocate the benefits of a flexible and hybrid working environment, recognising that this means different things, to different people, in different roles. Want to apply as a job share, or propose a way of working that isn't the traditional 9am - 5.30pm, Monday through to Friday? We're all ears.

Experience profile:

A Security Engineer Tech Lead will be an experienced Security Engineer, able to facilitate continuous delivery of quality software using DevSecOps practices and principles passionate about an Infrastructure delivery model. This role will contribute to outputs of a vital Kingfisher platform capability. They will require a broad cross section of skills along with a strong consultative approach. This will involve working together with teams and consumers to guarantee that the right practices are in place. This is a hands-on role, actively pairing to share knowledge, key decision making when needed and enabling the delivery team's progress around all aspects from individual growth, service improvements and future strategies.

Core Responsibilities and Work you're doing :

Security backlog pruning and planning

Drive automation in all technical areas.

Sharing expertise with all wider teams, Group Tech and beyond.

Help to craft and delivery of common pipelines and paths to production.

Working with the product owner and scrum masters to deliver and communicate a cohesive platform vision in accordance with our infrastructure strategy.

Good ability in presenting clearly and concisely with partners at all levels.

Helps shape and deliver a single vision for the teams to be excited by and strive to attain.

Use strong problem-solving skills and clear thought process to help the teams when decisions are needed.

Proven experience of working closely with and supporting the security administration process and relevant security domain leads, within a cloud/dev-ops context

Enabling Skills:

Have great collaborative skills - be able to bring people together, across all IT, Business and External areas, to enable us to deliver the goals of our business.

A solid understanding of Security Engineering practices inc understanding of SLSA and SBOM.

Good experience within Application Security / InfoSec / Engineering

A good grasp of DevOps & DevSecOps practices

Hands-on experience within Security Application Engineering & testing tools (eg; BurpSuite, OWASP Zap, OWASP Amass, Metasploit)

Cyber Security experience with a focus on application assurance tooling (such as Static, Infrastructure, Real Time and Dynamic Security tooling and processes)

Excellent Testing, Analysis and vulnerability testing/code review skills

Experience of Enterprise Cloud technologies such as AWS, GCP, Kubernetes etc would be ideal.

Ideally hold relevant qualifications (OSCP, CSSLP, CEH, ISSEP, Ethical Ninja)