DevSecOps Engineer

Posted 15 August 2022
Salary £75,000 - £95,000 per annum
Location United Kingdom
Discipline Cyber Defence
Reference 32856
Contact Name Jade Heseltine

Job description

 

 

Trident Search has partnered with a leading market research organisation that is looking for a DevSecOps Engineer to work within its Product Security team and help improve its security maturity.

 

This role involves close collaboration with technical engineering teams and product owners to ensure application security requirements and security capabilities are implemented throughout their software development lifecycle.

 

Responsibilities of the role:

  • Providing engineering teams with guidance on securing web applications, APIs and Cloud Native Services

  • Support engineering teams with Security remediations

  • Conduct application threat modelling supporting definition of security requirements and controls

  • Integrate security tools and capabilities into product teams' CI/CD Pipelines as a part of the Security development lifecycle

  • Help build/maintain/support security testing tools.

  • Coordinating and performing technical application security assessments and reviews.

  • Explain the risk and criticality of identified vulnerabilities to business owners/technical teams and advise on remediation activities.

  • Coordinate third-party penetration tests of products.

  • Using dynamic and static security testing tools to assess product artifacts such as source code, third-party libraries and containerized environments

  • Supporting the SOC during security incidents involving Cloud environments and/or web services.

  • Providing application security coaching and training of junior security peers and engineering colleagues.

 

Experience required:

 

  • Experience working with Development, SRE and Engineering teams in a dynamic environment to promote/implement Secure by Design practices.

  • Experience with web application penetration testing & ethical hacking.

  • Prior DevOps/Development/QA experience is beneficial.

  • Experience of working in an Agile/Sprint-based delivery environment would be an advantage (Jira/Confluence or other bug tracking tool)

  • Strong knowledge of OWASP.

  • DevOps Automation using Jenkins, Puppet, Ansible, GitLab etc.

  • Experience integrating DAST, SAST, IAST & SCA into the software development lifecycle

  • Experience with securing container technologies including Docker and Kubernetes

  • Hands-on experience of infrastructure as code

  • Working knowledge of application security with respect to web and enterprise application development

  • Understanding of end-to-end security within software development lifecycle