Trident Search has partnered with a leading market research organisation that is looking for a DevSecOps Engineer to join its Product Security team and help improve its security maturity.
This role involves close collaboration with technical engineering teams and product owners to ensure application security requirements and security capabilities are implemented throughout their software development lifecycle.
Responsibilities of the Role:
Providing engineering teams with guidance on securing web applications, APIs and Cloud Native Services
Support engineering teams with Security remediations
Conduct application threat modelling supporting definition of security requirements and controls
Integrate security tools and capabilities into product teams' CI/CD Pipelines as a part of the Security development lifecycle
Help build/maintain/support security testing tools.
Coordinating and performing technical application security assessments and reviews.
Explain the risk as well as the criticality of identified vulnerabilities to business owners/technical teams and advise on remediation activities.
Coordinate third-party penetration tests of products.
Using dynamic and static security testing tools to assess product artifacts such as source code, third-party libraries and containerized environments
Supporting the SOC during security incidents involving Cloud environments and/or web services.
Providing application security coaching and training of junior security peers and engineering colleagues.
Experience working with Development, SRE and Engineering teams in a dynamic environment to promote/implement Secure by Design practices.
Experience with web application penetration testing & ethical hacking.
Prior DevOps/Development/QA experience is beneficial.
Experience of working in an Agile/Sprint-based delivery environment would be an advantage (Jira/Confluence or other bug tracking tool)
Strong knowledge of OWASP.
DevOps Automation using Jenkins, Puppet, Ansible, GitLab etc.
Experience integrating DAST, SAST, IAST & SCA into the software development lifecycle
Experience with securing container technologies including Docker and Kubernetes
Hands-on experience of infrastructure as code
Working knowledge of application security with respect to web and enterprise application development
Understanding of end-to-end security within software development lifecycle