Description

  • Strong background in software development, infrastructure management, and security engineering.
  • In-depth knowledge of cloud computing platforms (e.g., AWS, Azure, GCP) and containerization technologies (e.g., Docker, Kubernetes).
  • A strong understanding of SIEM (Security Information and Event Management) tools.
  • Experience with configuration management tools (e.g., Ansible, Puppet, Chef) and infrastructure-as-code frameworks (e.g., Terraform, CloudFormation).
  • Proficiency in scripting and programming languages, such as Python, Bash, or PowerShell.
  • Familiarity with secure software development practices and methodologies (e.g., OWASP, DevSecOps, Secure SDLC).
  • Hands-on experience with security scanning and testing tools (e.g., SAST, DAST, vulnerability scanners).
  • Knowledge of security frameworks and standards (e.g., ISO 27001, NIST, CIS) and their application in securing software systems.
  • Strong analytical and problem-solving skills, with the ability to assess risks and develop effective security controls.
  • Excellent communication and collaboration skills, with the ability to work effectively across diverse teams and stakeholders.
  • Continuous learning mindset and the ability to adapt to evolving security technologies and practices.
  • Interest in diversity, equity and inclusion.
  • Coaching and mentoring experience (or at least interest).

 

Core Responsibilities:

  • Collaborate with software development, operations, and security teams to integrate security measures throughout the software development lifecycle.
  • Collaborate with development teams to integrate security testing tools and frameworks into the CI/CD pipelines.
  • Design, implement, and maintain secure and scalable infrastructure, including cloud environments, containerisation platforms (Docker, Docker Hub), and CI/CD pipelines (GitHub Actions and Bitbucket Pipelines).
  • Develop, build, and operate our Infrastructure as Code capabilities (Terraform) against multiple Kubernetes platforms (Rancher v2 – RKE2, Google Kubernetes Environment – GKE).
  • Implement and enhance GitOps workflows (ArgoCD, Flux).
  • Securely administer our Kubernetes environments (key management and rotation, secrets encryption, container vulnerability scanning, dependency reporting).
  • Develop and maintain security policies, standards, and procedures, ensuring compliance with industry best practices and regulatory requirements.
  • Conduct regular security assessments and vulnerability scans, analysing the results and providing recommendations for remediation.
  • Automate security controls and processes, leveraging tools and technologies to enhance security posture and efficiency.
  • Stay up to date with emerging security threats and industry trends, applying this knowledge to enhance our security practices.
  • Educate and train development teams on secure coding practices and security awareness.
  • Promote transparency, trust, and collaboration within the team and across the organisation.

 

Education

Any Graduate