We believe in better. And we make it happen.
Better content. Better products. And better careers.
Working in Tech, Product or Data at Sky is about building the next and the new. From broadband to broadcast, streaming to mobile, SkyQ to Sky Glass, we never stand still. We optimise and innovate. We turn big ideas into the products, content and services millions of people love. And we do it all right here at Sky.
The role
Sky is transforming the way in which software is secured across the company so we can keep giving customers a reliable and trusted experience. At the heart of this transformation is helping developers build more secure products by making security easy for them. As a Senior DevSecOps consultant, you will be leading the DevSecOps Consultants sub-team within Group Software Security and act as trusted advisor and coach for development teams. You will help them build secure applications by creating awareness of common software security issues and providing guidance to mitigate them. Sky’s DevSecOps engineering team is also building security tooling, with a focus on code security scanning (e.g., SAST, SCA, secrets scanning, IaC security scanning). You will help development teams use these tools so they have confidence in their software releases.
To succeed in this role, you need to be an advocate for software security, a good coordinator and collaborator, but be willing to roll up your sleeves and deliver technical tasks as well. Understanding the whole Sky software security product portfolio, how and where it can be deployed, and making it fit the requirements of dev teams will be a core requirements as well as handling ad-hoc tasks to support security incidents and other related topics.
What you'll do
* Lead the DevSecOps Consultant subteam within Sky Group Software Security with a large part of that team being located in Chennai, India.
* Coach development teams on building secure applications
* Participate in workshops to raise awareness of common security vulnerabilities and mitigations available to teams.
* Help teams address product security requirements by deploying homegrown and off-the-shelf tools.
* Coordinate with DevSecOps engineering and development to ensure these tools are fit for purpose.
* Identify opportunities and options for eradicating entire classes of vulnerabilities or weaknesses across teams
* Drive improvements in teams that ultimately improve audit outcomes.
* Collaborate with multiple DevOps Teams to advocate software security practices
* Collaborate with Cloud Security and Security Architects in maintaining/extending Cloud Security patterns and use cases
* Collaborate with internal and external DevOps teams and where necessary provide guidance of adopting security by design and if necessary, remediate identified vulnerabilities
* Support the development of software security operations for monitoring, testing, and remediation
* Lead key software security services in-line with business requirements
* Work with technical and non-technical business personnel at various levels, articulating security risks in a manner appropriate to the stakeholders
What you'll bring
* A formula for creating a positive security culture in development teams
* Ability and experience leading a cross-regional and cross-cultural team.
* A structured approach for introducing security capabilities to an organization.
* Experience applying techniques like SCA, SAST, secrets scanning, IaC security scanning, IAST etc. to development projects (via pipelines, GH apps, and other techniques).
* Good understanding of modern web frameworks and their security features
* Good understanding of the Secure SDLC and skills to design security into software products
* Hands-on experience with Continuous delivery systems like Jenkins and Circle-CI
* Experience with public cloud and infrastructure as code – Terraform
* Experience leading workshops for developers
* Knowledge of OWASP Top 10 and ASVS standards
* Excellent communication and inter-personal skills matching the different stakeholders from developers to top mgmt.
Team overview
Cyber Security
Our products, platforms and technologies are constantly evolving that’s why keeping Sky safe from cyber-attacks is one of our top priorities. Our Cyber Security team helps the business grow while protecting our customers, colleagues and partners from increasingly sophisticated cyber threats. Our team includes Cyber Fusion Centre, Security Services, Risk and Compliance, Programme Delivery and Business Security, and we work across the UK, Italy and Germany. Join us and you’ll get involved in tackling challenges and future threats in an ever-changing cyber landscape.
The rewards
There's one thing people can't stop talking about when it comes to #LifeAtSky: the perks. Here’s a taster:
* Sky Q, for the TV you love all in one place
* The magic of Sky Glass at an exclusive rate
* Discounted mobile and broadband
* A wide range of Sky VIP rewards and experiences
Inclusion & how you'll work
We are a Disability Confident Employer, and welcome and encourage applications from all candidates. We will look to ensure a fair and consistent experience for all, and will make reasonable adjustments to support you where appropriate. Please flag any adjustments you need to your recruiter as early as you can.
We’ve embraced hybrid working and split our time between unique office spaces and the convenience of working from home. You’ll find out more about what hybrid working looks like for your role later on in the recruitment process.
Your office space
Our Osterley Campus is a 10-minute walk from Syon Lane train station. Or you can hop on one of our free shuttle buses that run to and from Osterley, Gunnersbury, Ealing Broadway and South Ealing tube stations. There are also plenty of bike shelters and showers.
On campus, you’ll find 13 subsidised restaurants, cafes, and a Waitrose. You can keep in shape at our subsidised gym, catch the latest shows and movies at our cinema, get your car washed, and even get pampered at our beauty salon.
We'd love to hear from you
Inventive, forward-thinking minds come together to work in Tech, Product and Data at Sky. It’s a place where you can explore what if, how far, and what next.
But better doesn’t stop at what we do, it’s how we do it, too. We embrace each other’s differences. We support our community and contribute to a sustainable future for our business and the planet.
If you believe in better, we’ll back you all the way.
Just so you know: if your application is successful, we’ll ask you to complete a criminal record check. And depending on the role you have applied for and the nature of any convictions you may have, we might have to withdraw the offer.
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
#J-18808-Ljbffr