DevSecOps Engineer

Our client is financial services company. They are looking for DevSecOps Engineer to join the teams in London.

Permanent with salary is up t o£75k + bonus + benefits. 3 days in office

The ideal candidate will have deep expertise in integrating security practices into the Infrastructure and DevOps pipelines, with a strong focus on endpoint protection, secure networking practices, and infrastructure security. You will be working as part of the infrastructure team to provide hands-on support to various teams across the company, including infrastructure platform, development, front office, and innovation teams, ensuring the secure operation of their services.

Key Responsibilities:

• Implement and manage security tools and technologies:Deploy and manage security solutions such as Microsoft Sentinel for SIEM and Tanium for Threat and Vulnerability Management (TVM).
• Conduct security assessments and vulnerability scans:Regularly assess the security posture of applications and infrastructure, identifying and mitigating vulnerabilities.
• Monitor and respond to security incidents and alerts:Continuously monitor security systems for signs of breaches or anomalies and respond promptly to incidents.
• Develop and enforce security policies and best practices:Create and maintain security policies, standards, and guidelines to ensure compliance and best practices across the organization.
• Perform security audits and compliance checks:Ensure that systems and processes comply with relevant regulatory requirements and industry standards.
• Respond to and liaise with regulatory bodies:Ensure compliance with regulatory requirements by responding to inquiries and coordinating with regulatory bodies.
• Enforce best security practises in our CI/CD pipelines using Azure DevOps:Ensure that all stages of the development and deployment process are secure, from code commit to production release.
• Collaborate with development and operations teams to integrate security into the software development lifecycle:Work closely with developers and operations staff to embed security practices into every phase of the development process.
• Automate security processes and workflows:Develop scripts and automation tools to streamline security tasks and ensure consistent application of security measures.
• Stay up-to-date with the latest security trends and technologies:Keep abreast of emerging threats, vulnerabilities, and technologies to ensure the organization remains protected.

Qualifications & Requirements:

• Bachelor’s degree in Computer Science, Information Security, or a related field.
• Understanding of regulatory compliance requirements, for example, DORA, GDPR, HIPAA, and other relevant regulatory standards.
• Proven experience in DevSecOps, DevOps, and/or security related role.
• Strong understanding of security principles and practices.
• Experience with CI/CD tools, specifically Azure DevOps.
• Proven ability to monitor security systems and respond to incidents effectively.
• Knowledge of firewalls, VPNs, IDS/IPS, and other network security technologies.
• Ability to develop and implement automated security processes and workflows.
• Familiarity and understanding of security frameworks such as NIST, ISO 27001, and others.