Security Engineer DevSecOps

Job Description

SecDevOps / DevSecOps / Security EngineerPermanent Position – Remote working possibleOur client, a global leader in their industry, is currently amidst a major technology transformation project, focussed around a technology movement to platform based development and increased usage of micrositesJoining our client in this role will enable you to gain broad business knowledge of the company’s activities globally, in addition to understanding how the complexity of technology supports the digitized industry. The roles operate using agile methodology delivering timely and effective cyber security of general and bespoke solutions.In this role successful candidates will be exposed to a wide and challenging range of business issues through regular engagement with stakeholders across all management level. You will work and communicate across geographical and cultural borders that will enable you to build a strong professional network. We will provide opportunities to broaden your knowledge and strengthen your technical and professional foundation.As a “Security Engineer”, you will gain broad business knowledge of the company’s activities globally, as well as understand how the complexity of IT supports the business. Key responsibilities•Within specific technical platform(s) be responsible for driving security improvement from design through delivery and into operations through good practices and representing the importance and business benefit of Cyber Security. Act as security evangelist and ‘mentor’ to the business and development teams.•Take the lead on finding technical Cyber Security solutions - drawing on your previous knowledge, self-learning and formal training. Embedding Secure-by-Design and Secure Development Life Cycle principles•Understand and clearly identify Cyber Security risk within an agile development environment. Highlighting risks to Cyber Security for inclusion on the Risk Register and to inform prioritisation of Cyber Security Backlog items.•Ability to apply security principles and good practice to manage security and risk in cloud environments., e.g. authentication, role-based access, encryption•Articulate identified risk during development to Business Owners and help mitigate - implementing suitable, cost-effective security measures throughout development phases (Agile/DevOps)•Discuss and analyse requirements with business stakeholders, and design high quality seamless solutions, balancing Cyber Security versus /business value trade-offs.•Work with multiple solution design options, and recommend the most appropriate solution considering business priorities, technical feasibility, return on investment and delivery timelines.•Participate in work estimation, scope definition and delivery planning activities.•Undertake security engineering in the Platform features and storiesRequired Applicant Background•Experience of working in an agile environment and application of Cyber Security within DEVSECOPS with a good understanding of customer centric design principles and software development.•Experience of providing Technical consultancy within a Digital/Cloud setting.•You should have experience of implementing vulnerability management and remediating security issues as they are found•Experience with the application of threat modelling or other risk identification techniques and security best practices associated with containers, kubernetes and distributed systems.•Knowledge of compliance standards like CIS, NIST in conjunction with PCI-DSS and GDPR. With working knowledge of secure development practices and standards such as OWASP and BSIMM especially on cloud providers•Identifying the need for new, or changes to existing, security patterns for API (Authorisation and OAuth 2.0 for key data), EDI and Event Streaming•Threat Modelling and Security testing Experience, to identify any security risks before live deployment (DAST and SAST)•Assisting integration of new digital products with Security Operations for Detect/Respond/Recover to cyber incidents•Development experience in .Net and/or Java. Experience with scripting (e.g. python, ruby, bash). Knowledge of XML and JSON. Hands on Azure security configuration and scripting skills•Demonstrable experience and execution of security automation, and configuration of Azure cloud native tools to maximise their effectiveness•Microsoft Azure certifications, e.g. Azure Security Engineer, Azure DevOps Engineer, Azure Solutions Architect•Excellent written and verbal communication skills with Stakeholder management and interpersonal skills at both a technical and non-technical level•Ability to manage conflicting priorities and multiple tasks•Proven ability to work and effectively prioritize in a dynamic, collaborative and decentralized work environment•High attention to detail*Our client has Offices in Berkshire & in Denmark (HQ) but at present we are considering remote working across Europe working as part of a virtual team