technology job

Dev SecOps Engineer

  • Posted April 22, 2024
  • £60000 - £70000 per annum + + benefits
  • Fully Remote with visits to site once per month
  • Permanent

Dev SecOps Engineer

Bath – Fully Remote

£60,000 – £70,000 + benefits

Fantastic new permanent opportunity for an experienced Dev SecOps Engineer with fast growing specialist Fintech business. This is a great opportunity to join a new security focussed squad within their forward-thinking engineering team you will have a unique opportunity to shape what security means to the business. As a passionate security advocate, you will navigate complex challenges and approach platform design pragmatically. Leverage modern tools, languages, and platforms to contribute to efficient, secure, and scalable delivery of high-performance products.

Main responsibilities:

  • Work within a newly formed Security squad to continuously improve security posture within their cloud estate.
  • Consult, advocate, and teach security best practice across engineering.
  • Utilise modern tooling to shift security left, collaborating closely with development teams to ensure security is addressed early in the development lifecycle.
  • Review security best practice, remediating and implementing controls to ensure compliance.
  • Implementing security gates within the CI/CD workflows to ensure secure deployments.
  • Write Infrastructure-as-code to build secure infrastructure repeatedly.
  • Proactively patch infrastructure and code.
  • Engage in debates around processes and methodologies, actively contributing fresh ideas and challenging the status quo. You’ll embrace a culture of psychological safety, confidently voicing opinions to achieve quality standards.
  • Leverage managed services (where appropriate) to enable the team to focus on delivering core business value.

Skills Required:

  • Proven previous experience gained working within a similar Dev SecOps engineering position.
  • Strong experience securing cloud platforms, primarily AWS and Mongo Atlas.
  • Exposure to Audits/Compliance/Security frameworks (ISO27001, SOC2, OWASP, SAMM, DSOMM).
  • Knowledge of embedded security (IDE plugins, SAST, DAST, SCA).
  • Experience performing vulnerability scanning/penetration testing.
  • Threat detection and prevention (IDS, IPS, SOC, Threat list blocking, WAF/SIEM).
  • Cloud account management (e.g. AWS Control Tower/GuardDuty/Config/Security Hub/CloudTrail).
  • Identity management (e.g. SAML/OAuth/OIDC/AWS IAM).
  • Secret management (e.g. AWS Secrets Manager, Parameter Store).
  • Patch management (Security updates/ AWS SSM / Dependabot).

For any further queries regarding the role, please contact Danny Palmer at danny.palmer@sandersonplc.com

Apply for this Job