Description
DevSecOps, .NET or Python or Java, GIT, CI/CD, Powershell or Bash or Go, AWS, Azure,
Working with a leading Security, DevOps and DevSecOps focused consultancy to secure the services of a DevSecOps engineer for a global energy sector client. The customer has embarked on an ambitious plan to modernize and transform using digital technologies to drive efficiency, effectiveness and new business models. As an IS Engineering Specialist, you will be responsible for delivering support to application and platform teams across our customers organisation to help them secure their applications sooner - shift left'. Using knowledge of the full software SDLC and full stack development, you will work within a team of IS engineers to make changes to our customers services offering which covers AppSec advisory and design support, DevOps tool integration and Application Security testing.
You will see that the organisation follow policies, standards and best practices and provide technical expertise to internal and external stakeholders. It's a chance to operate in a dynamic and delivery-focused environment, with the resources of one of the world's most forward-thinking IT departments and leading IT vendors at your fingertips.
- The successful candidate develops the technology & processes for enabling and operating the practice of identifying, classifying, prioritising, remediating, and mitigating vulnerabilities across our customers network.
- You will work within an agile delivery squad interacting directly with our clients internal customers, development teams, business product owners and 3rd party vendors.
- In depth knowledge and exposure to the application development practices and DevOps is essential (you should be comfortable working with various SCM/Git approaches, CICD pipelines, Powershell/Bash or Go)
- In depth knowledge of at least one of the languages below
.Net
Python
Java
Team: You will provide technical expertise to support information security and risk activities specific to your specialism. This could involve designing and developing security solutions to work across IT environments that are consistent with current policy; running investigations and incident response processes and providing a consistent response to cyber-based malicious activity; and acting as an interface with various teams dealing with information security in their segment/functions etc. You will drive the implementation and application of relevant operating processes and procedures, and ensure all activities follow relevant standards.
Relationships: You will develop and maintain relationships with stakeholders, delivering advanced technical knowledge to support project delivery, collaboratively identify key challenges and ensure that security solutions protect against cyber risks. A senior professional, you will provide informal mentoring/training to junior members of the team.
- You will have advanced technical knowledge and experience in delivering secure code, ideally having an understanding of types of security testing.
- Cloud technology experience with AWS & Azure
- You will have sound stakeholder management experience.
- Identifies and monitors environmental and market trends and pro-actively assesses impact on business strategies, benefits and risks.
- Leads the provision of authoritative advice and guidance on the requirements for security controls in collaboration with experts in other functions eg legal, technical support.
- Exposure to vulnerability and penetration testing methods.
- Supporting vulnerability scanning operations.
- Experience with working with customers and vendors to meet requirements, building features and deploying them to enable the business to be more secure.
- Actively monitors for, and seeks, opportunities, new methods, trends, capabilities, and products to the advancement of the organisation.
- Evaluate and recommend new and emerging application security products and technologies.
- Support and lead on security incidents.
- Drive adoption of new tools and techniques with an understanding of their value and impact.
- Keep technical skills up to date and keep track of new technologies, understanding how they might benefit the Technology team and the rest of the organisation.
- Ensures that all identified breaches in security are promptly and thoroughly investigated and that any system changes required to maintain security are implemented.
- Deliver quality technical solutions and engagements with customers (application developers and devops engineers) that help service owners secure their apps sooner.
- Contribute during the team ceremonies around backlog grooming, ideation, spikes - and of course daily stand ups, demos & retrospective sessions
- Be adaptable and willing to grow AppSec expertise
Sharing knowledge (cross-pollination) between Chapter members that can be utilised by various Squads.
Technical capability
Essential:
- Modern Application Development, cloud native, containers, serverless
- DevOps tool chains and enterprise systems covering CMDB, ITSM and Identity
- Automated Testing - BDD/TDD, Unit Testing, Code Quality