Connecting Talent to opportunity

Security Platform Engineer - DevSecOps

Expired

Job Description:

Security Platform Engineer Job description
  • Your role will provide leadership in the DevSecOps areas of Vulnerability Scanning, Certificate Management, Password Policy Management, Data Analysis of security monitoring outputs, coordination of Remediation Patching, and other daily Security and Compliance efforts
  • You will be expected to work closely with the Engineering and Data Science team in helping our developers write secure applications
  • You will need to have a security mindset - understanding of system vulnerabilities and how software can be built to fail; ability to think like a bad actor
  • You'll be expected to assist in developing an automated security framework for robust deployment tools and processes, leveraging various scripting languages and open source solutions
  • Your role reports into our CISO and sits in the platform team; day to day stand-ups will be with this team
Requirements


Responsibilities

  • Define security strategy together with CISO
  • Secure the (cloud) infrastructure while mitigating the security and operational risks
  • Help our developers write secure applications
  • Introduce "continuous security" into new and existing CI/CD pipelines
  • Introduce vulnerability, security scanning and other tools needed to defend our systems
  • Lead on education for developers and engineers on secure practices.
  • Embed security best practice into application development and DevOps practices
  • Work out security related metrics for reporting and monitoring



Essentials

  • Familiar with the DevSecOps manifest
  • Development background - knowledge of a programming language (Go, Python, Java), application tools (Kubernetes, Vault, Terraform etc.) and security tools
  • Experience with security automation
  • Familiarity with API Security, Container Security, AWS Cloud Security
  • Familiarity with Information Security frameworks/standards (e.g. ISO/IEC 27001:2013, CSA CCM, NIST CSF, HMG SPF and Cyber Essentials)
  • Firm grasp of AWS cloud infrastructure design, aligning security, performance, and resilience.
  • You'll have implemented and tested security policies and have a working knowledge of commonly used web infrastructure and tools.
  • You'll have experience in architecture security design, monitoring and performance instrumentation in a complex enterprise environment.
  • Experience with subjects like continuous delivery, distributed architectures and systems, everything-as-code, containerisation and cloud services.
  • Comfort debugging systems and reading/writing code
  • Understanding of Incident, Problem, Change and Release management processes
  • Job Type: Permanent, Full Time
  • Work Authorisation: No
  • Industry Sector: Other