Security DevOps Engineer - Bristol - #1696733

Hybrid working model - 2-3 days per week in the office

The Company

The company is a leader in its field and is an Insurance business with an excellent reputation both in the UK and abroad.

The Role

This is an excellent opportunity to be involved in the development of a brand new digital platform that will be used across the business.

As a Security Engineer, you’ll provide hands-on technical expertise to guide software development, delivery and continuous improvement focusing on risk and security. You’ll help evolve our new Digital Platform so that its secure and compliant with both internal and industry regulations. You’ll analyse new feature code to identify security risks and work with engineers to mitigate them, working and applying modern security standards such as OWASP CI/CD, DSOMM, SAMM and Cloud Security Posture management systems such as Azure Defender and Prisma Cloud.

What You’ll Be Doing

• Analysing new feature code to identify security risks and working with engineers to mitigate
• Delivering improvements to our DSOMM score, either working with teams or directly taking responsibility for tasks (writing code, configuration, tooling, documentation)
• Working with our Information Security teams to ensure security policies are implemented in the most efficient and flexible manner
• Designing, building, operating and monitoring technology for large, complex multi-site b2c and b2b applications
• Contributing to the definition of, adhering to, and upholding coding standards and our software delivery lifecycle to ensure the delivery of secure, quality systems
• Designing, building, operating and optimising logging technology to allow more data to be gathered about sites holistic performance and reliability.
  
  

What You’ll Bring

• Engineering expertise in complicated Salesforce environments
• Exposure to Cloud Native software development, including cloud infrastructure and API design (Azure preferred)
• Proven experience applying modern standards such as OWASP CI/CD, DSOMM, SAMM etc
• Strong networking protocol knowledge (TCP/IP, UDP, HTTP/3, AMQP, streaming protocols etc), cloud network design (VPNs, subnets, regions/zones etc), and integration related technologies (Auth0, APIM)
• Expertise with SAST & SCA systems such as Snyk, Checkmarx
• Experience with DAST systems such as OpenZAP, Qualys DAST (preferred) ideally with HTTP APIs
• Ability to manage large scale software estates from a operational perspective (build, release, monitoring, rollbacks, high availability, etc)
• Hands on experience building automated security test suites
  
  

As a precondition of employment for this role, you must be eligible and authorised to work in the United Kingdom.