Description
If you are an experienced Lead SecOps or SecOps Engineer ready to make a significant contribution working for one of the UK's fastest growing Financial Services Consultancies, then read on!
MHC are an award-winning IT and Business Consultancy, specialising in Change Management initiatives, which we deliver working in a collaborative way with our Clients.
We are currently working on a wide variety of assignments that include some major Digital Transformation initiatives, Regulatory and Compliance Programmes and Tools adoption projects where we are providing specialist technical and business services to a client base of primarily Tier 1 Banks.
You will have the confidence and the capability to step straight into a specialist consultancy role within one of MHC's Practice areas to provide effective and efficient solutions that support our Clients' business requirements, while working constructively with senior MHC and Client managers and other staff.
The Role:
You will work on a Programme that has a number of initiatives underway to improve the cyber security posture of the client. A core element of this programme is the delivery of a self-service AppSec tooling service that enables development teams to execute SAST, DAST, MAST, and Threat Modelling in an automated and self-service manner in line with SecOps principles. This will primarily be achieved through integration into DevOps CI/CD pipelines.
The Lead SecOps role is responsible for technical leadership, definition and implementation of these technologies in to the client's development community ensuring the seamless onboarding service to those tools. Working closely with key stakeholders, engineering teams and vendors the engineer will provide subject matter expertise ensuring requirements are met.
Job Duties:
- Provide technical oversight, leadership and subject matter expertise for the appropriate technology where required (SAST, MAST, DAST, ThreatModelling)
- Work closely with the project engineers and project manager to ensure the design, integration and adoption of the tools meet business and end user requirements
- Interact with stakeholders and technical contacts as necessary to deliver project outcomes
- Engage with DevOps teams to implement AppSec Tooling technologies following industry standard and best practices
- Guide early adoption teams with integrating tools into their integration and delivery pipelines
- Engage with product vendors as necessary to ensure the product and its use meets requirements
Required:
- 5+ years of software or security consulting
- 5+ years of Application Security Testing tools (desirable; SAST, DAST, MAST, ThreatModelling) - Checkmarx, NetSparker experience ideal.
- Bachelor's degree, or higher, in computer science, computer engineering, systems engineering or related discipline
- Familiarity with Jenkins and/or other build pipeline technologies
- Familiarity with the SecOps methodology
- Familiarity with application security best practices, standards, and frameworks
- Experience integrating automated tooling into SDLC process on a global scale
- Experience working in agile development practices and DevOps models
Recommended:
- Security certifications (eg ISC2 - CISSP, CSSLP, GIAC - GWEB, GMOB, GSSP-.NET, GSSP-Java, GWAPT, ISACA - CISA, CISM, CRISC, CSX)
- Experience developing or delivering security training
A career at MHC offers you something different: joining the MHC family' is more than just a job. It is a long-term opportunity offering accelerated professional growth, consulting or working directly with some of the world's most innovative and best financial institutions, albeit with the support and flexibility of a fast-paced entrepreneurial spirited environment.