Description
Security Engineer - DevSecOps - IAM - London.
My client is looking for someone that is passionate about cyber security, protecting customer data and digital transformation. You must have experience in DevSecOps and Identity & Access Management. You should have knowledge of modern development techniques and tooling including knowledge of Jenkins, Nexus, SonarQube, Snyk, Docker and Kubernetes would be advantageous. You should have working knowledge of identity and access concepts (RBAM, RBAC, ABAC, PAM, MFA) and of certificates, secrets management and encryption.
Experience Required:
5+ years of experience in Cyber Security, Agile development, DevSecOps environments.
Role responsibilities
DevSecOps
- Provide security expertise related to modern development techniques and tooling (Agile, Git, branching strategies, Scrum/Kanban, CI/CD, IDE tools and pipelines)
- Working knowledge of Jenkins, Nexus, SonarQube, Docker and Kubernetes
- Engage teams to provide guidance for vulnerability management and risk reduction
- Previous experience with Java development would be preferred
- Conducting Threat modelling exercises and creating security NFR's
- An ability to conduct code reviews for common security misconfigurations and to influence developers on good security practices is highly desirable
- Experience on implementing security into CI/CD pipelines, with SAST/DAST, SCA type tooling
- Experience of scoping pen tests, working closely with external testers, analysing the findings and prioritising remediations with respective teams.
- Performing security assessment of vendors/tools
- Providing security inputs in Technical Working Groups and provide security summary to Technical Design Authority
Security Monitoring
- Working closely with Security Operations to investigate alerts and application monitoring security incidents identified by our SOC.
- Experience of the Splunk platform and log analysis would be advantageous to support development of security use cases.
- Ensure required logging is enabled across different layers of security including IAM, Applications, Databases and Cloud Platform
IAM/Authentication
- Work closely with Architects and Project Managers to deliver on project objectives.
- Strong knowledge of RBAM/RBAC/ABAC/PAM
- Provide technical advice to projects on the range of federated and un-federated authentication and authorisation systems available.
- Provide the oversight of the implementation of changes to the User Access Re-Certification process, understanding impact on other security and governance requirements and acting on/liaising with
Operational Responsibilities
- Promoting a culture of 'Security first' with responsibility of awareness and best practice
- Facilitate appropriate activities to support and improve ongoing awareness of IT Security best practices, developing awareness of requirements of standards such as ISO27001, GDPR and Cyber Essentials Plus.
- Support the development of operational processes and controls by operational teams aligned to IT Security Policies.