My client, a Professional Services company are looking for an IT Securtiy Engineer to join their client (in the Insurane sector) on site in London (Kent to be exact). Please note I am away from Thursday 14th August - Wednesday 20th August
About the IT Security Engineer Role:
As a Security Engineer, you’ll provide hands-on technical expertise to guide software development, delivery and continuous improvement with a focus on risk and security. You’ll help evolve our new Digital Platform so that its secure and compliant with both internal and industry regulations. You will analyse new feature code to identify security risks and work with engineers to mitigate them, working and applying modern security standards such as OWASP CI/CD, DSOMM, SAMM and Cloud Security Posture management systems such as Azure Defender, Prisma Cloud.
What you will be doing:
Analyse new feature code to identify security risks and work with engineers to mitigate these Deliver improvements to our DSOMM score, either working with teams or directly taking responsibility for tasks (writing code, configuration, tooling, documentation) Work with our Information Security teams to ensure Security policies are implemented in the most efficient and flexible manner. Design, build, operate monitoring and alerting technology for large, complex multi-site b2c and b2b applications. Design, build, operate and optimise logging technology so that more and more data can be gathered about sites’ holistic performance/reliability Contribute to definition of, adhere to & uphold coding standards & our software delivery lifecycle to ensure the delivery of secure, quality systems.
What you’ll bring:
Engineering expertise in complicated Salesforce environments. Experience with Copado for CI/CD a plus. Exposure to Cloud Native software development, including cloud infrastructure and API design (Azure preferred) Worked and applied modern standards such as OWASP CI/CD, DSOMM, SAMM etc Experience with Cloud Security Posture management systems such as Azure Defender, Prisma Cloud (preferred) Expertise with SAST & SCA systems such as Snyk, Checkmarx (essential) including policy Comfortable working with teams to develop Threat Models as part of risk assessment (preferred), including remediation plans Experience with DAST systems such as OpenZAP, Qualys DAST (preferred) ideally with HTTP APIs Experience with API security models, including OAuth2, Zero Trust concepts (preferred) Experience with Azure DevOps and multi-stage pipelines. Managing large scale software estates from a operational perspective (build, release, monitoring, rollbacks, High Availability, etc) Strong networking protocol knowledge (TCP/IP, UDP, HTTP/3, AMQP, streaming protocols etc), cloud network design (VPNs, subnets, regions/zones etc), and Intergration related technologies (e.g. Auth0, APIM, etc) Experience in hands-on building of automated security test suites.If the above is of interest please message me on darius.goodarzi@robertwalters.com or call me on 0207 509 8040.
Robert Walters Operations Limited is an employment business and employment agency and welcomes applications from all candidates