About the job Digital Full Stack Developer x 2Key purpose:Candidates must be proficient in Azure, AWS, Docker, Kubernetes, Terraform, building and modifying CI/CD pipelines, implementing and configuring security tooling - e.g.
Software Composition Analysis (SCA), Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST).Duties and responsibilities:Ensure successful implementation and embedment of effective DevSecOps solutions (i.e.
SAST, DAST, CWPP, SCA, etc.
)Assist the Engineering and Development teams to build effective and secured CI/CD pipelines, assisting in the configuration and maintenance of the pipelines - shifting security leftEnsure that capabilities are deployed through a CI/CD pipelines with security requirements adhered to prior to deploymentCommunicate application security features to the engineering and development teams utilising a triad of people, processes, and technologyAdvise engineering teams to consider patterns in software security development and best practice, provide recommendations on approach and automation related to securityEnsure compliance with Security and Operational risk standardsWork with the Cloud team in the engineering of solutions on AWS Cloud using Infrastructure As Code methods such as Terraform and AnsibleProactively monitor and fix vulnerabilities while building a knowledge baseQualifications and experience:At least 5 years at Financial Service Provider5+ years of experience developing software from scratch and/or building existing systems in a large enterprise environment5 years of related job experience (DevOps & Security)5 experience with Ansible, Jenkins, Azure DevOps, Artifactory, Jira, Terraform, Git/Version Control Software (GitHub)Knowledge of DevSecOps tooling in the following spaces:SCA, SAST, DAST, IAST, CWPP and the ability to install and configure the above mentioned tooling (including integration into CI/CD pipelinesComprehensive technical expertise in a variety of DevSecOps toolkits, including Ansible, Jenkins, Azure DevOps, Artifactory, Jira, Terraform, Git/Version Control Software (GitHub).Familiarity with information security frameworks and standardsKnowledge of DevOps Automation (TerraFrom, GitHub, GitHub Actions).Knowledge of DevSecOps tooling in the following spaces:SCA, SAST, DAST, IAST, CWPP and the ability to install and configure the above mentioned tooling (including integration into CI/CD pipelines)Familiarity with API Security, Container Security, AWS Cloud SecurityFamiliarity with Amazon AWS policy, configuration, and security management tools.Experience with security automationExcellent analytical and interpersonal skillsAbility to express technical information clearly at different organizational levelsAdvantage if you have the relevant Cloud and/or Security Certifications, such as CISM, CISSP, DevSecOps Practitioner Certification, AWS Certified Security Speciality, AWS Certified Developer or similar
#J-18808-Ljbffr