DevSecOps Engineer - Application Security.

Posted Today by Gravitas Recruitment Group Ltd

£600 Per day
Inside
Hybrid
London, UK

Summary: The role of DevSecOps Engineer focuses on enhancing application security within a software development team, leveraging expertise in NIST and SLSA frameworks. The position requires a seasoned professional with extensive experience in DevSecOps, application security, and network security. The engineer will collaborate closely with development teams to implement security best practices and tools, ensuring secure software delivery. This hybrid role is based in London and emphasizes strong communication and interpersonal skills.

Key Responsibilities:

  • Be a part of a software development team with subject matter expertise on information security best practice/processes.
  • Identify, develop and improve metrics that drive desired behaviour and security outcomes.
  • Introduce and maintain security tooling that enables teams to efficiently secure their services and reduce attack surface.
  • Assure the implementation of security and control policies through automation and DevSecOps best practices (secure by design and default).
  • Educate other developers and work with teams to expand secure coding best practices, and help them meet their security goals.
  • Build a close working relationship with the Information Security team to ensure engineering initiatives are aligned with GNM information security strategy.
  • You will be working in a multi-functional team, which is empowered to rapidly iterate and release new features.
  • You won't be coding in isolation. Our culture is strongly collaborative, whether pair programming with other developers or working closely with editorial and commercial colleagues.

Key Skills:

  • You have experience in information security and have comprehensive experience in software development.
  • You have an in-depth understanding of best practices in security engineering, including networking, software supply chain & application security.
  • You are familiar with current and emerging standards within the information security space. For example: NIST Secure Software Development Framework, Supply chain Levels for Software Artefacts (SLSA).
  • You are confident in translating product and business requirements into technical solutions.

Salary (Rate): £600 daily

City: London

Country: UK

Working Arrangements: hybrid

IR35 Status: inside IR35

Seniority Level: Mid-Level

Industry: IT

Detailed Description From Employer:

DevSecOps Engineer - Application Security, Networks, NIST OR SLSA Framework. £575-£600/day INSIDE IR35 pay. Hybrid 2 days on site London.

Our News & Media client based in London seeks a dynamic, technically astute and seasoned professional Security Engineer/DevSecOps Engineer who has a minimum of 7-8 years' DevSecOps experience and is familiar with NIST Secure Software Development Framework, Supply chain Levels for Software Artefacts (SLSA). Key attributes to be successful in this role are Application Security experience, Network experience, SDLC experience and a vast amount of Security experience in DevSecOps.

The ideal DevSecOps Security Engineer will:

  • Be a part of a software development team with subject matter expertise on information security best practice/processes.
  • Identify, develop and improve metrics that drive desired behaviour and security outcomes.
  • Introduce and maintain security tooling that enables teams to efficiently secure their services and reduce attack surface.
  • Assure the implementation of security and control policies through automation and DevSecOps best practices (secure by design and default).
  • Educate other developers and work with teams to expand secure coding best practices, and help them meet their security goals.
  • Build a close working relationship with the Information Security team to ensure engineering initiatives are aligned with GNM information security strategy.
  • You will be working in a multi-functional team, which is empowered to rapidly iterate and release new features.
  • You won't be coding in isolation. Our culture is strongly collaborative, whether pair programming with other developers or working closely with editorial and commercial colleagues.

You will bring demonstrated experience in information security engineering, bringing expert domain knowledge that you can deploy in a software engineering environment. You'll demonstrate the ability to lead in identifying & disseminating best practice, while being a prolific and skilled individual contributor.

  • You have experience in information security and have comprehensive experience in software development.
  • You have an in-depth understanding of best practices in security engineering, including networking, software supply chain & application security.
  • You are familiar with current and emerging standards within the information security space. For example: NIST Secure Software Development Framework, Supply chain Levels for Software Artefacts (SLSA).
  • You are confident in translating product and business requirements into technical solutions.

STRONG communication and interpersonal skills are a must for the ideal DevSecOps Engineer, with strong all-round skills in Development, SDLC, Security (Application & Network) & NIST OR SLSA.