A high-growth FinTech is looking to augment its existing delivery team with a Senior Security Engineer, with responsibilities ranging from DevSecOps across the Build Pipelines, through design & implementation of Security Controls within the Product execution environment, to Security Policy, Process & Procedure definition for Product Service Delivery.
They have highlighted the following responsibilities:
- Data Privacy - working with our application development teams to optimise consent & data access management frameworks
- Activity Auditing - working with our application development and infrastructure teams to ensure auditing of activities to demonstrate alignment to Policy
- API Endpoint Security & Controls - supporting the needs of 3rd party consumption & the needs of product frontends (Web & Mobile)
- IAM - Review & hardening of existing IAM solutions including segregation of duties policies and controls to demonstrate ongoing alignment
- RBAC Policies - Definition and implementation of RBAC Roles from IAM across all execution environment components
- Security Policies, Process & Procedures - Development of strategies to identify, respond to and recover from a security breach.
- Define incident response procedures, including steps to minimise any breach and subsequent technical & forensic investigations into how the breach happened and damage impact assessment approaches
- Security Compliance & Controls - supporting the needs of ISAE3402 & ISO27k audits, performing or coordinating internal security assessments, penetration tests, vulnerability scans and cybersecurity maturity
- Key Management (including rotation policy) - Working with DevOps to ensure key & secret management controls can demonstrate alignment to Policy
- Certificate Management - Working with DevOps to ensure key & secret management controls can demonstrate alignment to Policy
- SPI / PII & Data Tokenisation - working with our application development teams to optimise approach of working with confidential data
- Network access controls - Improving our Controls and ability to demonstrate policy alignment
- DevSecOps (incl. Code / Container security) - working with our application development teams to improve security controls within the SDLC pipelines
- SIEM - Design & implementation of SIEM solution
- WAF Policies - Design & implementation of Layer 7 WAF solution
- Threat Analytics (incl. IDS/IDP) - Design & implementation of estate wide threat analytics solution.
- As Senior Security Engineer, you will be the SME for application & infrastructure security best practice, defining / refining SDLC methodologies and working with engineers to assess and improve the current security technologies & approaches.
- You will have proven experience of application security architectures supporting mobile, Web and API access patterns and developing and applying secure coding standards within an enterprise environment.
- You will have 10+ years of experience around application security, with at least 5+ years of securing applications within AWS.
- You will have experience of having worked within UK Financial Services Institutions.
- Understanding of cybersecurity standards and frameworks e.g. ISO27001, NIST, CIS, OWASP, SANS, FSSCC and experience of workforce awareness training around these information security standards, policies and best practices.
- Qualifications within IT Security (e.g. CISSP, CEH, GSEC, GCIH, GCIA, GMON) are desirable but not essential.