Lead DevSecOps Engineer - London

Policy Expert
London, Greater London

Overview

Job Description

DevSecOps Engineer

Founded in 2010, before 'InsurTech' was even a word, Policy Expert set out to redefine what an insurer should be. By building our own tech and owning the process end to end, we've streamlined how people buy insurance. We're built in the cloud, driven by excellence and data, with a no-blame culture. We are an approachable team with many years of expertise and knowledge in a wide range of domains. Check us out here:

We take security seriously at Policy Expert. We are looking for a DevSecOps expert who is skilled in the cultural and technical principles and practices of the DevSecOps movement, with experience of implementing a DevSecOps approach and associated tools within an organisation.

Requirements

* Perform hands-on security threat modelling, risk assessment, and vulnerability remediation
* Maintain, validate, and communicate the products' threat model, security properties, and trust model
* Evaluate, architect, implement, and support security-focused tools and services
* Manage and oversee Application Security Testing in CI/CD, working with the Corporate Security team to ensure issues are tracked and closed
* Work with DevSecOps teams to improve the secure software development lifecycle
* Foster a shift-left, security-focused culture across the development, DevOps and testing teams
* Partner with Product/Engineering teams to define identity and access management
* Audit code and security configuration
* Monitor the latest web application security developments and security trends to continually improve internal processes
* Educate software engineers on application security best practices and secure coding techniques

Experience:

* CI/CD tools, e.g. Jenkins, TeamCity
* Securing applications within a cloud platform (AWS preferred)
* Working within and implementing the AWS Well-Architected Security Pillar
* Containerisation and container security (Fargate / Kubernetes)
* API security
* Familiarity with code analysis tools, such as Snyk, AquaSec, RedLock, Sysdig, SonarQube, Checkmarx, etc.
* Proficiency with two or more of: Java, JavaScript, Python
* BSc, MSc or PhD in computer science or a related security discipline, or equivalent work experience
* Understanding of security requirements
* Deep understanding of API security
* Familiarity with vulnerability management and penetration testing tools, such as NMAP, Nessus, Qualys, Burp, ZAP, Kali Linux, or Metasploit

Benefits

* Private medical cover with Vitality
* Training and education through LinkedIn Learning and Pluralsight
* Travel season ticket loan
* Flexible working approaches: remote, work from home, flexible start/end times
* Fruit, breakfast, and drinks provided
* Social events through the year
* MacBook Pro + large screen
* Access to selected London O2 events and use of a private lounge

We are based in Liverpool St, London. You will be working in a relaxed and friendly environment where you can utilise your DevSecOps skills whilst striving to learn and develop new ones.