DevSecOps Engineer

DevSecOps Engineer  

 

Engineering, Software Development, DevOps, DevSecOps, Security

 

Hybrid working – 1 day London, 4 day’s work from home

@mecscommsis recruiting for a DevSecOps Engineer, on behalf a major telecommunications service provider. The role is crucial in the operational efficiency & security of software development & deployment processes, through the delivery of continuous improvement of DevOps practices. The DevSecOps Engineer will instal, configure, deploy & roll out Splunk software across the platforms & infrastructure managed by the Engineering & Run & Operate teams. The DevSecOps Engineer will also oversee logging & Security Information & Event Management (SIEM) aspects of infrastructure, collaborating with application development teams to resolve issues & enhance security measures within the CI/CD pipeline. If you have a background encompassing any of the following; Multi cloud environments, AWS, Azure, managing Splunk, defining data streams, indices, ingests & dashboards, adding security tooling to CI/CD pipelines, SAST, code security, SonarCloud, AWS Security Hub, Source code, Github, Github Actions, IaC tooling, Automation, AWS CLI, Python, PowerShell, Azure CLI, Docker, Kubernetes etc,  I’m keen to hear from you.

 

Position: Engineering, Software Development, DevOps, DevSecOps, Security

 

Purpose: Ensure security is seamlessly & effectively integrated with the software development life cycle (SDLC), recognising security threats, & configure infrastructure in such a way as to manage & deploy the environment, in a secure & optimised manner.

 

Location: Hybrid working, 1 day London office, 4 days remote working, work from home

 

Key Skills: Continuous Integration (CI), Continuous Deployment (CD), Infrastructure as Code (IaC), Security Automation, Vulnerability Management, Threat Intelligence, Secure Software Development Lifecycle (SSDLC), Compliance as Code, Security Orchestration, Container Security, Microservices Security, Threat Modelling, Secure Configuration Management, Secure DevOps Practices, Security Scanning & Testing, Security Incident Response, Identity & Access Management (IAM), Secure Cloud Environments, Secure Code Reviews

 

Nature: Permanent, Full Time

 

Hours: Monday – Friday 09.00 -17.30

 

Gross pay rate: £55,000 - £70,000 basic + 20% bonus, Health Care, Discounts & other benefits

 

Key Activity:

 

• Develop & Deploy Security Protocols
• Perform Security & Operational Evaluations
• Integrate Security & Operations within DevSecOps
• Manage Incident Responses
• Enhance Operational Effectiveness
• Coordinate on Code Security & Operational Streamlining
• Promote DevSecOps Principles
• Address Security & Operational Incidents
• Implement DevSecOps Enhancements

 

Overview:

 

As a DevSecOps Engineer within the Run & Operate chapter, you’ll  manage & deploy the environment in a secure & optimised manner, including managing the logging & SIEM aspects of the infrastructure & coordinating with application development teams to resolve issues.  You’ll work with the rest of the squad to incorporate more security checks into the CI/CD pipeline & validation of planned changes to ensure they comply with best practice.

 

Responsibilities:

 

• Establish & enhance infrastructure security standards

 

• Implement & maintain security controls throughout the software development lifecycle

 

• Serve as the go-to expert for infrastructure security matters.

 

• Collaborate with development, operations, & security teams to integrate security best practices into our DevOps processes.

 

• Collaborate with application development teams to refine logging processes for valuable insights.

 

• Automate security testing & vulnerability scanning within our CI/CD pipelines.

 

• Conduct regular security assessments & audits to identify & mitigate risks.

 

• Respond to security incidents & conduct post-incident analysis to prevent future occurrences

 

• Stay up to date with the latest security threats, vulnerabilities, & industry best practices.

 

• Collaborate with DevSecOps Product Owner, Run & Operate, Application Development & Cyber Security teams, to identify & implement enhancements to infrastructure & application security.

 

• Contribute to solving intricate cross-business technical challenges as part of the team.

 

• Develop business justifications for security enhancements & effectively present them to Product Owners & stakeholders, even those without technical backgrounds.

 

Candidate Profile:

 

Candidates should possess similar Security biased DevOps or DevSecOps experience. Your skillset is likely to include as much of the following as possible:

 

• Security operations management

 

• DevOps or software development roles, with a focus on security.

 

• Security tools such as vulnerability scanners, intrusion detection systems, & security information & event management (SIEM) solutions.

 

• Multi cloud environments AWS & Azure etc.

 

• Using & managing Splunk including defining data streams, indices & ingests & dashboards

 

• CI/CD pipelines & adding security tooling to these

 

• SAST & other techniques to improve code security

 

• SonarCloud, AWS Security Hub, etc. to improve security position

 

• Source code systems & branching strategies; Github & Github Actions

 

• Maintaining & updating infrastructure using IaC tooling

 

• Automation using a variety of tools & languages including AWS CLI, python, PowerShell or Azure CLI

 

• Containerisation technologies; Docker & Kubernetes.

 

• Continuous Integration & Continuous Deployment techniques, with the GitHub & GitHub Actions.

 

• Certified DevOps Engineer (DASA), Certified Information Systems Security Professional (CISSP), or Certified Cloud Security Professional (CCSP) are a plus.