Information Security Engineer & Software Developer
Posted Today by Gravitas Recruitment Group (Global) Ltd
£75 Per hour
Inside
Hybrid
London Area, United Kingdom
Summary: The Information Security Engineer & Software Developer role involves working in a hybrid environment, with two days on-site in London and three days remote. The position focuses on enhancing security practices within a software development team, ensuring the protection of digital products against cyber threats. The ideal candidate will possess strong expertise in information security and software development, collaborating closely with various teams to implement best practices and security tooling.
Key Responsibilities:
- Develop and improve security metrics to drive desired behavior and outcomes.
- Introduce and maintain security tooling for efficient service security and reduced attack surface.
- Assure implementation of security policies through automation and DevSecOps practices.
- Educate developers on secure coding best practices and assist in meeting security goals.
- Collaborate with the Information Security team to align engineering initiatives with security strategy.
- Work in a multi-functional team to rapidly iterate and release new features.
Key Skills:
- Demonstrated experience in information security engineering.
- Expertise in software development and security best practices.
- In-depth understanding of networking, software supply chain, and application security.
- Familiarity with NIST Secure Software Development Framework and SLSA standards.
- Ability to translate product and business requirements into technical solutions.
- Excellent communication skills for internal and external engagements.
Salary (Rate): £75.00/hr
City: London
Country: United Kingdom
Working Arrangements: hybrid
IR35 Status: inside IR35
Seniority Level: undetermined
Industry: IT
Information Security Engineer & Software Developer - 2 DAYS ONSITE LONDON & 3 DAYS REMOTE. £550-£600/DAY INSIDE IR35 PAY. Our London based News & Media Client seeks a dynamic and technically astute SecOps Engineer / Information Security Engineer working in the Engineering Department, so working with Software Engineers and Software Development is also part of this role.
ROLE BRIEF: Development of digital products is central to our client. In this role you will work in the Developer experience stream, in a security focused team. You will help protecting the company and its readers from cyber-security threats by employing leading practices and tooling to secure our services. Our internal engineering team builds and maintains many services and, as a news organisation, we have a unique security profile. We are looking for someone with demonstrated domain knowledge to ensure the security of our platform.
The ideal Security Engineer will be working in the Product & Engineering Department: Be a part of a software development team with subject matter expertise on information security best practice / processes. Identify, develop and improve metrics that drive desired behaviour and security outcomes. Introduce and maintain security tooling that enables teams to efficiently secure their services and reduce attack surface. Assure the implementation of security and control policies through automation and DevSecOps best practices (secure by design and default). Educate other developers and work with teams to expand secure coding best practices, and help them meet their security goals. Build a close working relationship with the Information Security team to ensure engineering initiatives are aligned with GNM information security strategy.
You will be working in a multi-functional team, which is empowered to rapidly iterate and release new features. You won’t be coding in isolation. Our culture is strongly collaborative, whether pair programming with other developers or working closely with editorial and commercial colleagues. You will bring demonstrated experience in information security engineering, bringing expert domain knowledge that you can deploy in a software engineering environment. You’ll demonstrate the ability to lead in identifying & disseminating best practice, while being a prolific and skilled individual contributor. You have experience in information security and have comprehensive experience in software development. You have an in-depth understanding of best practices in security engineering, including networking, software supply chain & application security. You are familiar with current and emerging standards within the information security space. For example: NIST Secure Software Development Framework, Supply chain Levels for Software Artefacts (SLSA). You are confident in translating product and business requirements into technical solutions. You have excellent communication skills and have experience of communicating at internal/external events.