Digital Full Stack Developer x 2 at Boardroom Appointments

Key purpose:

• Candidates must be proficient in Azure, AWS, Docker, Kubernetes, Terraform, building and modifying CI/CD pipelines, implementing and configuring security tooling - e.g. Software Composition Analysis (SCA), Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST).

Duties and responsibilities:

• Ensure successful implementation and embedment of effective DevSecOps solutions (i.e. SAST, DAST, CWPP, SCA, etc.)
• Assist the Engineering and Development teams to build effective and secured CI/CD pipelines, assisting in the configuration and maintenance of the pipelines - shifting security left
• Ensure that capabilities are deployed through a CI/CD pipelines with security requirements adhered to prior to deployment
• Communicate application security features to the engineering and development teams utilising a triad of people, processes, and technology
• Advise engineering teams to consider patterns in software security development and best practice, provide recommendations on approach and automation related to security
• Ensure compliance with Security and Operational risk standards
• Work with the Cloud team in the engineering of solutions on AWS Cloud using Infrastructure As Code methods such as Terraform and Ansible
• Proactively monitor and fix vulnerabilities while building a knowledge base

Qualifications and experience:

• At least 5 years at Financial Service Provider
• 5+ years of experience developing software from scratch and/or building existing systems in a large enterprise environment
• 5 years of related job experience (DevOps & Security)
• 5 experience with Ansible, Jenkins, Azure DevOps, Artifactory, Jira, Terraform, Git/Version Control Software (GitHub)
• Knowledge of DevSecOps tooling in the following spaces:
• SCA, SAST, DAST, IAST, CWPP and the ability to install and configure the above mentioned tooling (including integration into CI/CD pipelines
• Comprehensive technical expertise in a variety of DevSecOps toolkits, including Ansible, Jenkins, Azure DevOps, Artifactory, Jira, Terraform, Git/Version Control Software (GitHub).
• Familiarity with information security frameworks and standards
• Knowledge of DevOps Automation (TerraFrom, GitHub, GitHub Actions).
• Knowledge of DevSecOps tooling in the following spaces:
• SCA, SAST, DAST, IAST, CWPP and the ability to install and configure the above mentioned tooling (including integration into CI/CD pipelines)
• Familiarity with API Security, Container Security, AWS Cloud Security
• Familiarity with Amazon AWS policy, configuration, and security management tools.
• Experience with security automation
• Excellent analytical and interpersonal skills
• Ability to express technical information clearly at different organizational levels
• Advantage if you have the relevant Cloud and/or Security Certifications, such as CISM, CISSP, DevSecOps Practitioner Certification, AWS Certified Security Speciality, AWS Certified Developer or similar