DevSecOps Engineer

Location: Remote
Position Type: Permanent Position
Overview:
As the DevSecOps Engineer, your primary responsibility will be to collaborate closely with infrastructure and software engineers, along with the QA team, to ensure that all components of our Cloud Landing Zones, tooling and services adhere to the prescribed security standards. You will play a key role in integrating security testing seamlessly throughout all project stages and driving the incorporation of automated testing within development pipelines.
Key Responsibilities:

• Landing Zone Delivery & Management: Be a driving force in the delivery of the Landing Zones and supporting ecosystem of tooling (CICD Pipelines etc) to secure core Cloud Services. This will initially be on AWS, with Azure & GCP to follow.
• Collaboration: Work closely with infrastructure and software engineers, as well as the QA team, to ensure that security measures are an integral part of the development process.
• Security Standards Adherence: Enforce prescribed security standards outlined in the security architecture throughout the development lifecycle.
• Security Testing Integration: Seamlessly integrate security testing at all project stages, including code reviews, CI/CD pipelines, and production environments.
• Automation Emphasis: Strive to maximize the incorporation of automated security testing within the development pipelines to identify vulnerabilities early and continuously monitor for threats.
• Threat Assessment: Perform threat assessments and vulnerability scans to identify potential security risks and provide recommendations for mitigation.
• Incident Response: Contribute to the development of incident response planning and participate in security incident investigations and resolution (automated where possible).
• Security Education: Provide security education and guidance to development teams to promote a culture of security awareness and best practices.
• Security Documentation: Maintain comprehensive security documentation, including security policies, procedures, and guidelines.
• Compliance: Ensure that security measures align with regulatory requirements and industry standards.
• Infrastructure Optimization: Identify opportunities for infrastructure optimization, cost reduction, and performance improvement.

Qualifications:

• Proven hands-on experience in security engineering or DevSecOps roles
• Strong understanding of security principles, practices, and technologies
• Proficiency in security testing tools and methodologies
• Excellent problem-solving and analytical skills
• Strong communication and collaboration skills
• Ability to work effectively in cross-functional teams

Preferred Qualifications:

• Relevant industry certifications (e.g., Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Ethical Hacker (CEH), etc.)
• Experience with DevOps and CI/CD pipelines
• Knowledge of cloud security best practices

Key Technical Skills:

• Terraform (Terraform cloud / HCP Terraform knowledge an advantage)
• GitHub & GitHub Actions
• AWS Organisations
• AWS Control Tower (including Account Factory for Terraform - AFT)
• Python (including curating Python packages)