12 months-Senior Cloud Security Engineer, DevSecOps £700
Recruiter
Listed on
Location
Salary/Rate
Type
Start Date
This job has now expired please search on the home page to find live IT Jobs.
Job Description
As a direct report to the Director, Product Information Security Officer (PISO), you will have the following responsibilities:
* Work closely with product and platform teams to engineer and implement cloud security controls with a focus on DevSecOps
* Snr Cloud Security DevSecOps Engineer will fundamentally change the way the security processes and tools are integrated within DevOps
* Implement a tools driven and highly automated approach to deliver our key security management processes by exploiting investment in existing tooling (e.g. ServiceNow, Chef, Splunk) and / or identify new tooling.
* Design and implement AWS/Cloud based DevSecOps processes and tools
* Develop procedures to automate security tasks during code builds and deployments
* Respond to and, when appropriate, resolve or escalate security incidents
* Report unresolved security exposures, misuse of resources, and noncompliance situations using defined escalation processes.
* Assist and train team members in the use of cloud security tools and the resolution of security issues
* Develop and maintain documentation for security systems and procedures
* Collaborate with the Ops team to build infrastructure and servers on AWS
* Lead AWS Cloud DevSecOps engineering integrations with platforms such as SPLUNK ES, Threat Analytics and UEBA
* Evaluate and recommend use of ML, AI, and data analytic services to enable action based events and triggers
* Actively involved in cloud environment threat hunting using manual and automated tools
* Build working relationships with corporate technology and business teams
* Build security utilities and tools for internal use that enable you and your fellow Security Engineers to operate at high speed and wide scale.
* Evaluate security technologies for cloud environments in order to implement controls in the most streamlined and integrated manner
* Deploy automated security solutions for cloud delivery processes
* Develop cloud security solutions to enable production security operations (SOC)
* Deploy compliance solutions for large-scale cloud environments using container and microservice technologies
* Develop security and compliance capabilities in support of DevOps processes
* Develop & deploy automated solutions to secure cloud development processes
* Craft and evangelize secure cloud platform & product requirements
* Communicate security risks and solutions to business partners, platform & product teams
* Embrace a culture of continuous service improvement and service excellence
* Stay current on security industry trends
Qualifications
Required Experience
* Overall 6 years experience in Technology with extensive experience in cloud solutions (AWS, OpenStack)
* Minimum 4 years of experience with implementing and automating Cloud DevSecOps including technologies such as SPLUNK ES, Twistlock, CloudPassage and threat intel platforms
* Extensive experience in cloud based DDoS protection services such as AWS Advanced Shield and Akamai
* Experience working in an IT Security Operations Center
* Experience with SIEM, IPS/IDS, security operations, incident analysis, incident handling, vulnerability management or testing, log analysis, and forensics
* In depth understanding of possible attack activities such as network probing/ scanning, DDOS, malicious code activity and possible abnormal activities, such as worms, Trojans, viruses, etc.
* Solid understanding of Amazon Web Services (AWS) including VPC, ELB, IAM, KMS, EC2, Config, CloudTrail, CloudFormation, Lambda, and others
* Knowledge of network based, system level, and application layer attacks and mitigation methods
* Extensive Experience working with container technology including F and Kubernetes
* Experience in DevOps environments and maintaining security in CI/CD processes
* Experience with the development, deployment, and automation of security solutions in an enterprise cloud based environment
* Strong knowledge of technology and security topics including network and application security, infrastructure hardening, security baselines, web server, and database security
* Ability to clearly and effectively communicate concerns, issues to other teams
* Experience in developing, documenting, and maintaining security procedures
* Proficient in AWS CLI, Bash, and Python
* Bachelor's Degree in Computer Science or related field or equivalent experience.
* Experience with custom development using AWS integration technologies, Python, Java/EE, JSON, SAML, XACML, SCIM.
* Experience in virtualization, Cloud Formation, Python in building hybrid cloud models with security layered in for groups, policies is critical for individual's hands-on expertise.
* Real time scalability and highly available solutions leveraging functions like Lambda, AWS Auto Scaling and Cloud Formations.
* Source code management tools such as BitBucket
* Skilled in HTML/CSS, JSON, REST, HTTP, Python, Java/EE, SAML, XACML, SCIM
* AWS certification along with other security certifications such as CISSP, SSCP is a plus
* Actively Participate in data design sessions
* Hands-on knowledge on DevOps methodologies and tools like SVN/GIT, Jenkins, JIRA, confluence, various monitoring/alerting tools;
