Senior Information Security Engineer - AWS / DevSecOps

Reference:
IS-423854
Sector:
Technology
Salary:
up to £700 Per Annum
Town/City:
London
Contract Type:
Contract

High-growth FinTech are looking to augment existing delivery team with a Senior Security Engineer, with responsibilities ranging from DevSecOps across the Build Pipelines, through design & implementation of Security Controls within the Product execution environment, through to Security Policy, Process & Procedure definition for Product Service Delivery.

 

They have highlighted the following responsbilities....

  • Data Privacy - working with our application development teams to optimise consent & data access management frameworks
  • Activity Auditing – working with our application development and infrastructure teams to ensure auditing of activities to demonstrate alignment to PolicyAPI Endpoint Security & Controls - supporting the needs of 3rd party consumption & the needs of product frontends (Web & Mobile)AM - Review & hardening of existing IAM solutions including segregation of duties policies and controls to demonstrate ongoing alignment
  • RBAC Policies - Definition and implementation of RBAC Roles from IAM across all execution environment components
  • Security Policies, Process & Procedures - Development of strategies to identify, respond to and recover from a security breach.
  • Define incident response procedures, including steps to minimise any breach and subsequent technical & forensic investigations into how the breach happened and damage impact assessment approaches
  • Security Compliance & Controls - supporting the needs of ISAE3402 & ISO27k audits, performing or coordinating internal security assessments, penetration tests, vulnerability scans and cybersecurity maturity
  • Key Management (including rotation policy) - Working with DevOps to ensure key & secret management controls can demonstrate alignment to Policy
  • Certificate Management  - Working with DevOps to ensure key & secret management controls can demonstrate alignment to Policy
  • SPI / PII & Data Tokenisation - working with our application development teams to optimise approach of working with confidential dataNetwork access controls - Improving our Controls and ability to demonstrate policy alignment
  • DevSecOps (incl. Code / Container security) - working with our application development teams to improve security controls within the SDLC pipelines
  • SIEM - Design & implementation of SIEM solution
  • WAF Policies - Design & implementation of Layer 7 WAF solution
  • Threat Analytics (incl. IDS/IDP) - Design & implementation of estate wide threat analytics solution.

 

Required Skills

  • As Senior Security Engineer, you will be the SME for application & infrastructure security best practice, defining / refining SDLC methodologies and working with engineers to assess and improve the current security technologies & approaches.
  • You will have proven experience of application security architectures supporting mobile,Web and API access patterns and developing and applying secure coding standards within an enterprise environment.
  • You will have 10+ years of experience around application security, with at least 5+ years of securing applications within AWS.
  • You will have experience of having worked within UK Financial Services Institutions.
  • Understanding of cybersecurity standards and frameworks e.g. ISO27001, NIST, CIS,OWASP, SANS, FSSCC and experience of workforce awareness training around these information security standards, policies and best practices.
  • Qualifications within IT Security (e.g. CISSP, CEH, GSEC, GCIH, GCIA, GMON) are desirable but not essential.