Development Security Operations Lead
- 113 Loop St, Cape Town City Centre, Cape Town, 8000, South Africa
The Rank Group is growing rapidly within both our Venues and Digital businesses. If you’re not sure who we are, you may be more familiar with us through our iconic brands; Mecca Bingo and Grosvenor Casino. We have most recently acquired Stride Gaming, which, together with our existing Digital business, forms Rank Interactive.
We employ circa 8,000 people globally, with our UK office functions being located in Maidenhead (Head Office), Sheffield (Customer Solutions Hub), London (Digital) and a further office in Gibraltar, which is home to our existing Rank Digital function.
We are evolving as a business and are adding some exciting new brands and concepts to our venues and digital offering. By joining an office-based or operational function with us, you’ll instantly be part of a high-performing and inclusive culture, which works closely to support our Customer-facing teams.
To provide technical hands on and security support DevSecOps engineering tasks. The DevSecOps Engineer will be responsible for implementing security controls within on premise and cloud (AWS, Azure and GCP) infrastructure environments and embedding security within the CI/CD pipeline.
They will be responsible for establishing best practices relating to code management and integration with build pipelines and automated processes.
Main Accountabilities and Responsibilities:
- Applying Security-as-Code principles across the board to improve security of the product suite & provide training, mentoring, and best practices to the teams.
- Leading the development of an automated framework for Security Tool deployment and development, leveraging various scripting languages and open source solutions.
- Architecting and designing API Security, Container Security, AWS, Azure or GCP Cloud Security.
- Developing the automation of security and compliance capabilities in support of DevOps processes.
- Implementing security features and monitoring tools, performing periodic security vulnerability assessments.
- Responding swiftly to new and emerging security threats and vulnerabilities, investigate suspected attacks and help manage security incidents, including providing post-mortem analysis, identify causes, develop solutions and preventive measures.
- Being an integral part of the Information security incident process
- Managing the development, refresh and implementation of security policies, standards, guidelines and procedures.
- Building relationships with all staff to promote security throughout the business.
- Keep up to date with the latest security and development techniques.
- Provide technical knowledge at all stages of the SDLC.
- Provide continuous security related support and guidance to the development squads.
- Identify and address vulnerabilities / security non-compliance.
- Liaise with stakeholders in relation to cyber security issues and provide future recommendations.
- Liaising with the business and technology on current and future security. requirements for both projects and production work.
- Generate reports for both technical and non-technical staff and stakeholders.
- Assist with internal and external audits relating to Information and cyber security.
- General Information gathering as requested.
- Stakeholder Management where applicable.
- Business engagement as required.
- Performs other duties as assigned.
Knowledge, Expertise and Qualifications
The successful candidate will ideally have a solid understanding of and experience in Development Security Operations (DevSecOps)/ In addition to this experience, an operational security role would be ideal.
- Must have experience integrating security requirements into the CI/CD pipeline.
- OWASP Knowledge.
- Able to demonstrate experience with AWS and AZURE infrastructure and the design patterns required to implement Well Architected Framework principles.
- GCP infrastructure design best practices, including knowledge of networking and IAM.
- Able to demonstrate experience with Terraform/Terraform Cloud.
- Familiarity with CloudFlare Technology implementations would be a benefit.
- Familiarity of CASB technologies.
- Extensive experience with core Azure services, and cloud native tools.
- Demonstrable experience automating security vulnerability tools such as Sonarcloud, Synk, Tenable IO etc.
- Must be familiar with pipeline tooling including Terraform, Jenkins, Ansible, Jira, Docker and Kubernetes.
- Experience with Windows and Linux operating systems and the principles of how to secure them in a Production environment.
- Ability to up skill engineering teams from a security point of view.
- Understanding of Information Security principles such as Data Protection, Privacy, Governance, Risk and Compliance is an advantage.
- Experience working with Agile Development squads located in multiple time zones and able to demonstrate an appreciation for the key elements that make an Agile process successful.
- Attention to detail and an appreciation of dealing with sensitive data.
- Confidence and ability to work in a cross-functional team.
- Ability to work alone on tasks and/or collaborate with the relevant teams.
- Ability to work to the right priorities.
- Resolves technical issues and identifies solutions
- Ability to develop and deliver clear, concise and compelling verbal & written communication to a number of stakeholders.
- Positive attitude and adapts well to change and moving priorities.
- Highly organised and methodical.
- Self-motivated and driven to continuously develop.
- Willingness to learn and grow within the team.
As a trusted technical authority, you'll become a go-to person for all things Security engineering, who has can demonstrate and apply the following;
- Solid understanding of the following AWS, AZURE Suites of service:
- 'Security, Identity & Compliance'
- 'Management Tools'
- 'Compute' & 'Storage'
- 'Networking & Content Delivery'
- Working knowledge of Vulnerability/compliance, Patch management, Anti-malware, Access Control Management toolsets
- Must have a technical background in a highly distributed environment.
- You must have a solid understanding of basic IT, networking, infrastructure and security concepts and preferably worked in technical role previously.
- You must have a key understanding of incident response functions.
- Coding or scripting skills in languages such as Python PowerShell would be an advantage.
- You must have a solid understanding of Active Directory in a Windows environment.
- You have a solid understanding of networking protocols such as TCP/IP.
- Basic understanding and proficiency in using Linux operating systems and, in particular, Kali Linux.
- Good understanding of security testing tools such as Wireshark, Nmap, Burp Suite, Metasploit, vulnerability scanners and Kali.
- Basic understanding of SIEM tools (eg. ELK, ArcSight, Exabeam, Splunk).
- Basic understanding of defensive security products such as web filtering & proxies, mail filtering, firewalls, VPNs etc.
It would be great if you also could bring:
- A desire to constantly challenge the norm
- Willing to attend conferences, webinars and meet-ups and share the learning.
- Experience of using automation to solve complex problems e.g. Machine Learning
- Deep knowledge of the AWS, Azure and GCP products and tools.
Must have a technical background in a highly distributed environment.
You must have a solid understanding of basic IT, networking, infrastructure and security concepts and preferably worked in technical role previously.
You must have a key understanding of incident response functions.
Coding or scripting skills in languages such as Python PowerShell would be an advantage.
You must have a solid understanding of Active Directory in a Windows environment.
You have a solid understanding of networking protocols such as TCP/IP.
Basic understanding and proficiency in using Linux operating systems and, in particular, Kali Linux.
Good understanding of security testing tools such as Wireshark, Nmap, Burp Suite, Metasploit, vulnerability scanners and Kali.
Basic understanding of SIEM tools such as ArcSight, Exabeam, Splunk, etc.
Basic understanding of defensive security products such as web filtering & proxies, mail filtering, firewalls, VPNs etc.