[c. $220-280k Comp Package | Hybrid Working - 4 Days in Office]
Are you an accomplished DevSecOps Engineer ready to make a significant impact at a leading investment management firm? Our client, renowned for leveraging cutting-edge technology to drive financial innovation, is seeking a DevSecOps Engineer to enhance their Global Information Security team. This role offers a unique opportunity to lead the integration of robust security practices within a cloud-heavy, containerized environment while collaborating closely with developers and DevOps teams to build and manage secure frameworks from the ground up.
Key Responsibilities:
- Collaborate with DevOps teams to design, implement, and manage a comprehensive DevSecOps framework, embedding security into the CI/CD pipeline
- Promote and enforce secure coding practices, providing expert guidance on secure development methodologies
- Manage CI/CD tools at the server level, ensuring their optimal performance and security
- Develop and implement DevSecOps policies, standards, and training to build security awareness among developers
- Create secure code frameworks and advise developers on security best practices
- Implement and manage security testing tools (SAST, DAST, SCA, OSS) within the CI/CD pipeline
- Automate security controls and compliance checks to ensure adherence to industry best practices and regulatory requirements
- Troubleshoot and resolve security issues across the software development lifecycle
- Continuously monitor emerging security threats and vulnerabilities, applying best practices to enhance security posture
Key Requirements:
- 7+ years of experience in software development, DevOps, or security engineering with a strong emphasis on DevSecOps practices
- Strong development background with an understanding of best practices in development, capable of effectively communicating with developers
- Experience managing CI/CD tools such as GitHub, Jenkins, GitLab CI/CD, or Azure DevOps at a server level, not just using them
- Proficiency in infrastructure-as-code tools like Terraform or CloudFormation
- Strong scripting and automation skills using Python, Bash, or similar languages
- Experience in Application Security, with the ability to create secure code and advise on secure framework design
- Extensive experience with public cloud environments (AWS, Azure, GCP) and containerization technologies like Docker and Kubernetes
- Familiarity with security frameworks and compliance standards, including NIST CSF, ISO 27001, and SOC 2
- (Preferred) Experience within the financial services sector, with a preference for candidates who can navigate the complexities of building security frameworks without the constraints of larger firms
...