Principle Security Engineer (DevSecOps)
- Full-time
- Working Hours: 35 hours per week
- Salary: Competitive
- Department: Technology
Company Description
Here at esure, we’re no strangers to change. As one of the industry leaders in the insurance business, striving to become a world class digital insurer, we’re getting ready for more. It’s creating great new opportunities for innovative and talented industry professionals to join us at a pivotal point in our development.
It’s an opportunity you simply don’t want to miss. You can expect our investment in you to include a highly competitive package, career and development opportunities and flexible benefits built around you and your lifestyle.
Job Description
- Acting as the central point of contact within the business for information security in the Cloud
- Be responsible for the delivery of security in the Cloud
- Lead in mentoring colleagues for security in the Cloud
- Implement security strategies within CI/CD pipeline
- Collaborate with multiple DevOps squads to advocate security practices
- Collaborate with security architects in maintaining/extending Cloud security patterns and use cases
- Manage Cloud security playbooks and preventative controls
- Collaborate with internal and external DevOps teams and where necessary provide guidance of adopting security by design and if necessary, remediate identified vulnerabilities
- Support the development of security operations for monitoring, testing, and where necessary conduct Cloud implementation audits
- Where appropriate support Incident Response team
Qualifications
We'd Love You to Bring:
- Significant Cloud security experience
- Experience of working with a range of senior stakeholders
- AWS Security Specialist qualification is desirable
- Computer science degree or related experience
- Experience of containerization solutions
Essential
- Working with Data platform engineers
- Continual passion to learn and inspire
- You will need to have a good background in DevOps practices working with CI/CD pipelines, e.g. Jenkins, Gitlab CI
- Cloud platforms particularly AWS; Solid experience and background working with AWS services (EC2, EKS(K8), VPC, ELB, S3, RDS, Lambda, SNS, ELK, etc.)
- Proficiency with Python, Terraform and AWS CLI
- Experience of API integration and Security techniques
- Experience of AuthN/AuthZprotocols, such as OpenID Connect, OAuth, SAML and AD;
- Awareness of vulnerability management and penetration testing tools, such as NMAP, Nessus, Qualys, Burp, ZAP, Kali Linux, or Metasploit
Bonus points
- Application security knowledge
- You may have experience with application security tooling (SAST, DAST etc.)
- OCI / Provenance and security inspection/test tools
- Apache Ranger
- Data driven pipelines
- Risk modelling concepts (e.g. STRIDE/DREAD)
Professional growth
We are committed to continual learning; the individual would be supported to grow in missing disciplines.
Additional Information
Benefits
- A competitive salary that recognises your skills, experience and potential
- 28 days annual leave plus 8 flex days (equivalent to bank holidays to be taken as and when suits you)
- Bonus scheme
- Flexible working – including hybrid working post covid
- Staff discount on our products
In light of the current Covid-19 pandemic, we want to emphasise to all applicants that the safety and wellbeing of our candidates and colleagues is esure Group’s number one priority. All interviews will be conducted remotely via a video conference platform to ensure that everyone involved is adhering to the social distancing guidance.