We are currently looking for a DevSecOps Lead to join an existing team with one of our Financial Services clients.
As a DevSecOps Lead you will be working on embedding security controls into developer and platform operations and DevOps team working practices. This will involve working closely with security engineers, security consultants and application security experts to develop the enterprise’s security architecture and integrate security in to change pipelines in an automated approach.
- Support integration of security requirements into all stages of DevOps, and CI / CD pipelines by configuring and maintaining the security services operating in the DevOps environment.
- Support the continued security of the products that are being delivered by the DevOps environment and the environments hosting the DevOps platforms as well the networks being utilised to connect and access them.
- Advise & guide on the continued integration with strategic security capabilities for each of the delivery elements and help automate security at every stage. Ensuring security is fully integrated into the developer and operator’s world.
- Assess the output of automated security testing tools and deliver advice, guidance and recommendations on best approach to remediate findings.
- Delivery of Security Testing services for the scope and remit of the DevOps environment and the applications it hosts.
- Support delivery of security MI using security tool metrics and reporting the MI to drive the correct security behaviours in developers and operators.
- Support continuous security monitoring of applications, infrastructure and networks to help uncover security issues. Assess the output of the monitoring and deliver advice, guidance and recommendations on best approach to remediate findings.
- Support incident response processes to address active cyber-attacks and new threats that emerge for the scope and remit of DevOps environments and the applications it hosts.
Candidates will have experience of the following:
- Agile development and strong understanding of DevOps principles, including scrum and kanban working practices.
- Working in IT / Cyber Security roles, ideally within a regulated environment.
- Experience of securing cloud services, including IaaS, PaaS and SaaS variances.
- Proficiency of Azure security and how to secure services hosted in Azure
- Proficiency in one or more coding languages: JavaScript, C++, Python, Java
- Experience with development of microservices based platforms on Azure using Docker, Kubernetes. An understanding and experience of Prisma Cloud would be advantageous.
- Strong automation scripting skills.
- Cyber / Web Security - Firewalls, DoS, Proxies, CDN / WAF, API Gateways etc.
- Threat & Incident Management - SOC, SIEM, Threat Intelligence, etc
- Data Security
- Mobile Security
- Cryptography