Robert Walters
,
Milton Keynes, Buckinghamshire
Security Engineer
Overview
Implement a set of security best practices to deliver security policies to protect sensitive information: Architect, design and implementation security controls Evaluate and on-board security tools for tech stacks Integrate Information Security tools to Security DevOps pipelines About Service and Transformation Function The Service and Transformation function is responsible for the operation and delivery of technology change at Freshfields. Operating on the the concepts of 'DevOps' to accelerate the delivery of change through within the function. Freshfields is embarking on a five year IT roadmap to transform the firm delivering legal services using new technologies, embracing cloud and XaaS platforms. To deliver this ambitious plan, a DevOps model has been adopted to accelerate the delivery of change. This approach will be tailored to meet the different requirements and challenges of maintaining both legacy systems and developing new applications and services. Role : The Security Engineer role is responsible for driving security best practices and testing security implementations of developed applications. Working with Infosec teams and Product Owners to achieve alignment between information security and business change objectives. Support development and system operational support teams of Azure systems at the application, access, database, and monitoring level. Architect, design and providing implementation patterns of security controls throughout solution delivery lifecycle. Responsibilities: Security Engineer You'll be responsible for research, design, and implement automation and Cybersecurity solutions to protect our client's most sensitive information in cloud services using secure systems development practices. Architect, design and providing implementation patterns of security controls throughout solution delivery lifecycle. Designing and developing generic security patterns and guidelines to enable applications stay compliant - integrate them Application and DevOps processes and CI/CD pipelines from early stages of the lifecycle. Evaluating and on-boarding security tools such as RASP, WAF, SAST, vulnerability and open source scanning into the Security DevOps life cycle for multiple tech stacks. Contributing features to internally developed Information Security tools and integrate those tools into the Security DevOps pipelines. Driving continuous improvement to both the Security DevOps pipelines and processes, and to the Information Security tools, services, and processes. Review, analyse and classify outputs from vulnerability and assessment tools to determine fixes, improvements and determine risk. Requirements: Essential Candidates will be evaluated based on their ability to perform the duties listed above while demonstrating the skills and competencies necessary to be highly-effective in the role. These skills and competencies include: Ability to react quickly, decisively, and deliberately in high-stress, high-impact situations Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one An ability to effectively influence others to modify their opinions, plans, or behaviours Technical expertise security testing tools throughout the development lifecycle Desirable Security Certifications eg CISSP, CISM, CCSP, SANS/GSEC Cloud Certifications e.g. Azure, AWS etc Competencies in any of the following Burpsuite, Zed Attack Proxy, Acunetix, Rapid7, Nessus etc. This job was originally posted as www.totaljobs.com/job/89695142