Role Particulars:
Role Title: DevSecOps Engineer
Team: Global
Reports to: Head of DevSecOps
Location: Remote / UK - once a quarter in office
Job Description:
We are seeking a skilled DevSecOps Engineer to join our dynamic team. This role will focus on integrating security practices within the DevOps process, ensuring that security is a fundamental aspect of our software development lifecycle. The ideal candidate will collaborate closely with the DevOps Tooling & Policy Lead to implement CI/CD practices, automate processes, and enhance the overall security posture of our applications.
Key responsibilities:
CI/CD pipelines and automation:
* Collaborate with the DevOps Tooling & Policy Lead to design, implement, and maintain robust CI/CD pipelines to automate the software delivery process.
* Integrate testing, security, and deployment processes to ensure high-quality releases.
* Establish and document repeatable patterns for deployment, configuration, and monitoring to enhance efficiency.
* Identify opportunities for automation in security testing and compliance checks.
* Develop solutions to enhance the DevSecOps process, integrating tooling to drive value and enhance developer experience.
Collaboration with development teams:
* Partner with development teams to identify bottlenecks in the SDLC and implement solutions to streamline workflows.
* Provide guidance on best practices for version control, secure coding, and branching strategies.
* Assist development teams onboard to standardised DevOps patterns and processes.
Tooling and technology evaluation:
* Evaluate and recommend tools and technologies that can enhance the CI/CD process and overall developer experience.
* Stay up to date with industry trends and emerging technologies to continuously improve practices.
Documentation and knowledge sharing:
* Develop comprehensive documentation on security and DevOps practices, making it easily accessible to development teams.
* Contribute to workshops and knowledge-sharing sessions to educate developers on secure coding practices and the importance of security in development.
* Assist with the onboarding of projects and teams to the centralised DevSecOps tooling and CI/CD templates.
Experience and skills:
Qualifications:
* Proven experience of DevSecOps and Agile software delivery.
* Strong understanding of the SDLC, Agile, DevOps, and DevSecOps principles.
* Familiarity with modern security practices, tools, and standards (e.g., OWASP, NIST).
* Technical knowledge of cloud environments (AWS, Azure, GCP), containerisation (Docker, Kubernetes), and CI/CD pipelines.
* Excellent communication skills, with the ability to articulate DevSecOps concepts to technical and non-technical stakeholders.
Preferred skills:
* Certifications in cloud technologies (AWS Certified, Azure Security Engineer).
* Experience in leveraging tools for security monitoring and threat detection.
* Experience implementing re-usable pipelines using CI/CD tooling (Gitlab CI/Github Actions/Argo CD/Concourse).
* Familiarity with secure coding principles, application and infrastructure security best practices.