Senior DevSecOps Engineer
The client is one of the world's leading insurance and reinsurance marketplace and they are looking to build world class security into their digital services. Their market participants expect world class security standards to be embedded into the services they provide. They are looking for a DevSecOps Senior Security Engineer to implement and manage robust security controls for their Group Technology services. They will report directly to the Group Technology Security Engineering Manager.
As the Senior DevSecOps Engineer you will:
- Provide support with the development of architecture principles and assess the effectiveness of the security architecture designs and implementations
- Develop the automation of security and compliance capabilities in support of the DevSecOps processes
- Have the ability to interpret the software development life cycles (SDLC) from a security architecture perspective
- Help to co-ordinate IAM activities to provide secure, controlled access to systems and services.
- Implement architecture principles, processes standard and governance, having a systematic and analytical approach to problem solving
- Be able to effectively communicate to both the technical and non-technical stakeholder
- Previous experience of running threat modelling for teams and products with reference to secure engineering principles, and standards (OWASP\CIS\NIST)
The ideal candidate will have:
- Knowledge of cloud computing (Azure/AWS/GCP)
- Knowledge in Azure Networks & Security controls and centre - NSG, Load Balancer, Application Gateway, WAF Route Tables, Azure or Third party Firewall knowledge, VPN Gateways, Key Vaults
- Knowledge on DNS, Public domain management
- required knowledge on Public and Self signed certificate management and having experience to coordinate with public CA vendors for certificate lifecycle management.
- Experience with Microsoft 365 and Azure security services and. technologies as Azure AD, Azure Sentinel, Cloud App Security, Defender ATP
- Hands-on experience with Infrastructure as a Code - ability to automate and script your work with PowerShell, ARM or Terraform.
- Proficient knowledge and experience with setup, configuration, and tuning of Identity management.
- Hands-on software engineering experience, DevOps/DevSecOps background.
- Knowledge of common software development risk frameworks (e.g. OWASP).
- Software development knowledge - advise development teams how to implement steps to automate security tools ie Static Application Security Testing (SAST) or Software Composition Analysis (SCA) as part of the build
If this sounds like you , click "Apply now"
Eames Consulting is acting as an Employment Agency in relation to this vacancy.