Harrington Starr are seeking a Lead Cloud Security/ DevSecOps Engineer who can sit across the platform engineering team in a fast moving technical environment. The role is working for an international trading business.
The role is based in London (city) with two days a week required in London.
Securing CI/CD platform – access control, build/deploy agents secured, secrets are encrypted and rotated.
• Secure code – add security policies to CI/CD, run SAST and DAST, unencrypted secrets detected and removed from version control. Ensure fast feedback on security issues to developers.
• Continuous monitoring of our cloud platforms, identifying security concerns, updating IAC to remediate or feedback to development teams with proposed solution to address.
• Tighten access controls on cloud resources following least privilege model, enforce permission boundaries on resources.
• Write automated tests to test the security of the platform and applications that run on it. Ensure developers are aware of the security status of the applications they build.
• Automate penetration testing and reporting, ensure that security controls function as expected.
Key skills needed:
Proficiency in coding with programming languages Python or PowerShell
• Broad technical knowledge with recent roles in DevSecOps/InfoSec, passion for security.
• Proven experience in working closely with development and operations teams throughout the SDLC, secured pipelines and enforced security policies in CI/CD and deployed into Cloud environments with IAC.
• Considerable experience in deploying and running applications securely in AWS or Azure, familiarity with cloud native security tooling and cloud security best practices.
• Built and operated containerized workloads, understand how to detect vulnerabilities and secure the runtime.
• Know how to secure data at rest and transit.
• Good understanding of networking fundamentals
Please send your CV for immediate consideration.