DevSecOps Engineer

DevSecOps Engineer

Hybrid Working - London - 1 day a week on site.

Financial Services

Lorien's leading banking client is looking for a DevSecOps Engineer to join the existing team on a long term change project.

This role is based in London.

This role will be Via Umbrella.

Working in a Hybrid Model of 1 day a week on site.

What You'll Do:

• Ensure security automation across our entire platform, collaborating with developers, security, and operations teams to ensure platform integrity

• Have a passion for Security, Agile, and DevOps, and promote shift-left culture, which integrates security analysis into each CI/CD stages

• Implement new tools and processes to enable security in DevOps and SRE environment

• Automatic audit and implement security control in the DevOps CI/CD pipeline, ensuring processes are followed, maintained, reviewed and updated regularly

• Implement and maintain security measures across applications, workloads, and infrastructure.

• Detect threats and accelerate investigations by managing logs and third-party security alerts.

• Enable real-time threat detection and continuous configuration audits across multi-cloud infrastructure and DevSecOps pipelines.

• Ship secure software releases continuously with security insights at all levels.

• Proactively uncover and troubleshoot user-facing incidents using automated synthetic tests.

• Monitor user sessions in real time and receive actionable alerts.

• Analyse user behaviour and performance data across web applications.

• Implement chaos engineering principles to improve system resiliency in production.

• Utilize SIEM tools to detect, analyse, and respond to security threats.
• Experience on SOAR especially automation

• Manage the complete lifecycle of a secret to mitigate the impact from a leaked secret.

Key Skills and Experience

• Demonstrate knowledge in PowerShell scripting, working with APIs

• Experience with .NET and C# codebase

• Deep understanding on Networking Skills (TCP/IP, SSL, SMTP, HTTP, FTP, DNS), no WAF, and OWASP top10

• Experience working on large scale distributed systems with deep understanding of design impacts on performance, reliability, operations, and security

• Knowledge of risk assessment and threat modelling techniques

• Knowledge of securing APIs and security in micro-services is beneficial

• Hands on experience Azure Monitoring suite including Sentinel and security configuration

• Hands on experience Azure Firewall and Azure Policies, Azure ADD, Azure front door.

• Hands on experience Azure DevOps (Repositories, Pipelines, Artifacts, Advanced GitHub Security and Azure Defender)

IND_PC3

Carbon60, Lorien & SRG - The Impellam Group STEM Portfolio are acting as an Employment Business in relation to this vacancy.