DevSecOps Engineer - Application Security with NIST OR SLSA
Posted Today by Gravitas Recruitment Group (Global) Ltd
£75 Per hour
Inside
Hybrid
London Area, United Kingdom
Summary: The role of DevSecOps Engineer focuses on enhancing application security and network security within a software development environment, specifically utilizing the NIST Secure Software Development Framework and SLSA. The position requires a seasoned professional with a minimum of 7-8 years of DevSecOps experience to collaborate with development teams and implement security best practices. The engineer will be responsible for introducing security tooling, educating developers, and ensuring alignment with the information security strategy. This hybrid role involves working closely with a multi-functional team in London, emphasizing collaboration and rapid iteration of new features.
Key Responsibilities:
- Be part of a software development team with expertise in information security best practices.
- Identify, develop, and improve metrics that drive desired behavior and security outcomes.
- Introduce and maintain security tooling to secure services and reduce attack surface.
- Assure implementation of security and control policies through automation and DevSecOps best practices.
- Educate developers on secure coding best practices and help meet security goals.
- Build a close working relationship with the Information Security team to align engineering initiatives with security strategy.
- Work collaboratively within a multi-functional team to iterate and release new features.
- Lead in identifying and disseminating best practices in information security engineering.
Key Skills:
- Minimum of 7-8 years of DevSecOps experience.
- Expertise in NIST Secure Software Development Framework and SLSA.
- Strong application security and network security experience.
- Comprehensive experience in software development and SDLC.
- In-depth understanding of security engineering best practices.
- Strong communication and interpersonal skills.
- Ability to translate product and business requirements into technical solutions.
Salary (Rate): £75.00/hr
City: London
Country: United Kingdom
Working Arrangements: hybrid
IR35 Status: inside IR35
Seniority Level: Senior
Industry: IT
DevSecOps Engineer - Application Security, Networks, NIST OR SLSA Framework. £575-£600/day INSIDE IR35 pay. Hybrid 2 days on site London.
Our News & Media client based in London seeks a dynamic, technically astute and seasoned professional Security Engineer / DevSecOps Engineer who has a minimum of 7-8 years of DevSecOps experience and is familiar with NIST Secure Software Development Framework, Supply chain Levels for Software Artefacts (SLSA). Key attributes to be successful in this role are Application Security experience, Network experience, SDLC experience and extensive security experience in DevSecOps.
The ideal DevSecOps Security Engineer will:
- Be a part of a software development team with subject matter expertise on information security best practice / processes.
- Identify, develop and improve metrics that drive desired behaviour and security outcomes.
- Introduce and maintain security tooling that enables teams to efficiently secure their services and reduce attack surface.
- Assure the implementation of security and control policies through automation and DevSecOps best practices (secure by design and default).
- Educate other developers and work with teams to expand secure coding best practices, and help them meet their security goals.
- Build a close working relationship with the Information Security team to ensure engineering initiatives are aligned with GNM information security strategy.
You will be working in a multi-functional team, which is empowered to rapidly iterate and release new features. You won’t be coding in isolation. Our culture is strongly collaborative, whether pair programming with other developers or working closely with editorial and commercial colleagues.
You will bring demonstrated experience in information security engineering, bringing expert domain knowledge that you can deploy in a software engineering environment. You’ll demonstrate the ability to lead in identifying & disseminating best practice, while being a prolific and skilled individual contributor.
You have experience in information security and have comprehensive experience in software development. You have an in-depth understanding of best practices in security engineering, including networking, software supply chain & application security. You are familiar with current and emerging standards within the information security space. For example: NIST Secure Software Development Framework, Supply chain Levels for Software Artefacts (SLSA). You are confident in translating product and business requirements into technical solutions.
Strong communication and interpersonal skills are a must for the ideal DevSecOps Engineer, along with strong all-round skills in Development, SDLC, Security (Application & Network) & NIST OR SLSA.