Security Engineer/DevSecOps/Windows & Unix/Linux

McCabe & Barton

McCabe and Barton have partnered with a prestigious financial services organisation to offer a Security Engineer (DevSecOps) position on a permanent basis. This role may be more attractive to junior engineers with 3/4 years experience.

This is an exciting position working in an organisation going through change and development with the opportunity to progress and develop within the role.

Scope: Working closely with peers within the Information Security function and stakeholders across the wider group they will engineer modern, effective and maintainable cyber security solutions. A strong focus on automation and deep cyber security knowledge will help ensure the service provided by the team meets business requirements for Critical National Financial Market Infrastructure.

Salary: up to £80,000 + benefits package + generous bonus

Hybrid Working: 2 days a week on-site in Central London

Start Date: ASAP, will consider notice periods up to 3 months

Requirements:

• The right to work in the UK without sponsorship
• 2/4 years of SecDevOps experience gained within financial services (payments or exchanges)- FS Experience is ideal but not necessary
• Scripting and automation tools, Python &/OR PowerShell
• Agile ways of working, tools and techniques (eg Jira, Confluence, stories, sprints, backlogs)
• Encryption and authentication technologies (eg Certificates, TLS, Kerberos)
• Build and deployment pipeline technologies, such as Atlassian stack and Ansible or equivalent
• Secrets management and privileged access management
• Source code and artefact repositories
• Restful API, network and configuration protocols and technologies (eg, TCP/IP, HTTP, HTTPS, JSON, YAML)
• Windows and UNIX/Linux operating systems

An understanding or exposure to:

• SIEM integration
• SAST/DAST/IAST/SCA security assurance tooling
• Application security principles
• Secure coding practices, ethical hacking and threat modelling
• Identity and access management
• Firewall and intrusion detection/prevention technologies
• Cloud deployment, operation and security (AWS or Azure)
• Container runtime technologies and container orchestration platforms
• Penetration and vulnerability testing tools and techniques
• MySQL/MSSQL database platforms
• Secure network architectures and technologies