Senior DevSecOps Engineer

We are seeking a Senior DevSecOps Engineer with 6+ years of experience in designing, automating, and securing cloud infrastructures across both AWS and Azure platforms.

Key Responsibilities:

• Cloud Infrastructure Architecture: Design and implement secure, scalable, and resilient cloud infrastructures on AWS and Azure, leveraging 6-8 years of expertise.
• DevSecOps Leadership: Utilize over 8 years of experience in DevSecOps, DevOps, or related security roles to lead the integration and operation of security tools and practices.
• Terraform Expertise: Demonstrate extensive knowledge in DevOps operations using Terraform for infrastructure as code.
• Security Tool Integration: Integrate and manage security tools such as WAF, AWS Inspector, and Falco, ensuring robust protection of cloud environments.
• Security Tools Familiarity: Be well-versed with security tools like SAST, DAST, and SIEM, and understand the CVSS scoring system for vulnerabilities.
• Compliance Automation: Automate compliance monitoring and remediation using AWS Config, AWS CloudTrail, and CloudWatch to maintain alignment with SOC2 and FedRAMP standards.
• IAM Strategy Development: Design and maintain comprehensive IAM strategies for AWS and Azure, incorporating RBAC, fine-grained permissions, and automated key rotation.
• Security-First Cloud Architecture: Implement security-first cloud architectures, integrating advanced threat intelligence and vulnerability management solutions to meet compliance requirements.
• Centralized Logging and Monitoring: Deploy and manage centralized logging and monitoring solutions using Prometheus, Grafana, and AWS CloudWatch to provide actionable insights and reduce incident resolution times.
• CI/CD Pipeline Optimisation: Implement and optimize CI/CD pipelines using tools such as CircleCI, Jenkins, GitLab CI/CD, and AWS CodePipeline.
• Cloud Platforms Proficiency: Bring 5 years of experience with cloud platforms like AWS, Azure, and Google Cloud.
• Containerization and Orchestration: Utilize 5 years of experience with containerization and orchestration tools such as Docker and Kubernetes.
If this sounds of interest, please send your CV.

Please click here to find out more about our Key Information Documents. Please note that the documents provided contain generic information. If we are successful in finding you an assignment, you will receive a Key Information Document which will be specific to the vendor set-up you have chosen and your placement.

To find out more about Computer Futures please visit XX XX XX XX XX

Computer Futures, a trading division of SThree Partnership LLP is acting as an Employment Business in relation to this vacancy | Registered office | 8 Bishopsgate, London, EC2N 4BQ, United Kingdom | Partnership Number | OC387148 England and Wales

Senior DevSecOps Engineer / inside IR35 Experience you’d be expected to have Technical Delivery: * Proven ability to configure toolsets against a range of development pipelines such as Gitlab, Jekins etc to deliver Security as a Service and in doing so shift left DevSecOps capabilities in our DevOps processes.* The ability to lead the design and delivery of the DevSecOps test and controls as defined by TT2 programme* Works with other engineers to develop, integrate and automate DevSecOps pipelines including SAST and DSAT products. * Appreciation of using APIs to deliver capabilities.* Working knowledge of secure coding principles (OWASP and OWASP mobile, SANS…),* Appreciation of using containers and building pipelines in a variety of tools. Knowledge, Skills, Qualifications & Experience Required* 10+ years in operations or development, a good appreciation of DevOps or DevSecOps. * Demonstrable knowledge and experience of configuring toolsets against development pipelines and containers* Demonstrable knowledge of continuous testing.* Practical experience with scripting languages (e.g., Python, Perl, Bash, PowerShell, JSON, etc) – aka can configure toolsets* Practical experience in the use of vulnerability assessment tooling is highly desirable.* Practical experience using standard Security Scanners like Coverity, SonarQube, Veracode, Snyk would be advantageousKey Attributes* Must be willing to be hands on developing and delivering DevSecOps services * Able to effectively communicate complex technical concepts such as security vulnerabilities to application developers and/or senior managers who may have little to no experience with security. * Leadership experience in driving, mentoring and training junior members of a team.* Must be able to work independently at a large scale, enterprise setting and collaborate with multiple team members.* Detail-oriented and well-organized.* Proactive and able to multitask effectively.* Approachable with strong interpersonal skills.* Adaptable and willing to learn in a rapidly changing environment.Please send your CV
LA International is a HMG approved ICT Recruitment and Project Solutions Consultancy, operating globally from the largest single site in the UK as an IT Consultancy or as an Employment Business & Agency depending upon the precise nature of the work, for security cleared jobs or non-clearance vacancies, LA International welcome applications from all sections of the community and from people with diverse experience and backgrounds.Award Winning LA International, winner of the Recruiter Awards for Excellence, Best IT Recruitment Company, Best Public Sector Recruitment Company and overall Gold Award winner, has now secured the most prestigious business award that any business can receive, The Queens Award for Enterprise: International Trade, for the second consecutive period.