Senior Information Security Engineer - AWS / DevSecOps

High-growth FinTech are looking to augment existing delivery team with a Senior Security Engineer, with responsibilities ranging from DevSecOps across the Build Pipelines, through design & implementation of Security Controls within the Product execution environment, through to Security Policy, Process & Procedure definition for Product Service Delivery.

They have highlighted the following responsbilities....

• Data Privacy - working with our application development teams to optimise consent & data access management frameworks
• Activity Auditing – working with our application development and infrastructure teams to ensure auditing of activities to demonstrate alignment to PolicyAPI Endpoint Security & Controls - supporting the needs of 3rd party consumption & the needs of product frontends (Web & Mobile)AM - Review & hardening of existing IAM solutions including segregation of duties policies and controls to demonstrate ongoing alignment
• RBAC Policies - Definition and implementation of RBAC Roles from IAM across all execution environment components
• Security Policies, Process & Procedures - Development of strategies to identify, respond to and recover from a security breach.
• Define incident response procedures, including steps to minimise any breach and subsequent technical & forensic investigations into how the breach happened and damage impact assessment approaches
• Security Compliance & Controls - supporting the needs of ISAE3402 & ISO27k audits, performing or coordinating internal security assessments, penetration tests, vulnerability scans and cybersecurity maturity
• Key Management (including rotation policy) - Working with DevOps to ensure key & secret management controls can demonstrate alignment to Policy
• Certificate Management  - Working with DevOps to ensure key & secret management controls can demonstrate alignment to Policy
• SPI / PII & Data Tokenisation - working with our application development teams to optimise approach of working with confidential dataNetwork access controls - Improving our Controls and ability to demonstrate policy alignment
• DevSecOps (incl. Code / Container security) - working with our application development teams to improve security controls within the SDLC pipelines
• SIEM - Design & implementation of SIEM solution
• WAF Policies - Design & implementation of Layer 7 WAF solution
• Threat Analytics (incl. IDS/IDP) - Design & implementation of estate wide threat analytics solution.

Required Skills

• As Senior Security Engineer, you will be the SME for application & infrastructure security best practice, defining / refining SDLC methodologies and working with engineers to assess and improve the current security technologies & approaches.
• You will have proven experience of application security architectures supporting mobile,Web and API access patterns and developing and applying secure coding standards within an enterprise environment.
• You will have 10+ years of experience around application security, with at least 5+ years of securing applications within AWS.
• You will have experience of having worked within UK Financial Services Institutions.
• Understanding of cybersecurity standards and frameworks e.g. ISO27001, NIST, CIS,OWASP, SANS, FSSCC and experience of workforce awareness training around these information security standards, policies and best practices.
• Qualifications within IT Security (e.g. CISSP, CEH, GSEC, GCIH, GCIA, GMON) are desirable but not essential.