IO Associates are recruiting a Security Engineer who has demonstrable experience of continuous security innovation on digital platforms.
You will specifically be responsible for embedding security minded culture, practices and tools across their client's cloud platforms, whilst developing innovative cloud security solutions.This is a technical & hands-on position and requires technical security proficiency within the AWS ecosystem. You must have experience in a DevOps environment (Not looking for ITIL people.. Sorry!)
Role: Security Engineer
Salary: Up to £85,000 + Benefits
·Work with the DevSecOps team for the design and development of security solutions using the approved automation and CI/CD tooling
·Recognise areas for security improvements within the cloud platform around automation and CI/CD, access controls, network, automated compliance, alerting and forensics etc.
·Managing the development, refresh and implementation of security policies, standards, guidelines and procedures
·You will be designing and implementing security automation best practices in a cloud native environment. You will be experienced in the prevention and remediation of security vulnerabilities for our client's applications running on AWS.
·Run, facilitate and support "game days" to test and validate security related alerting, incident responses, counter measures, SOC, operational processes, forensics, etc
·Define and support secure continuous delivery approaches including tooling and automated testing and deployments
·Establish, help implement and manage access controls for our clients
·Research, plan and help implement relevant solutions in collaboration with operations, architecture and development teams
·Create security focused dashboards in tooling to provide high value insights
·Take responsibility for creating design specifications, unit testing, and prepare technical documentation
·Responding swiftly to new and emerging security threats and vulnerabilities, investigating suspected attacks and help manage security incidents, including providing post-mortem analysis, identify causes, develop solutions and preventive measures
·Solid understanding of AWS services including VPC, ELB, IAM, EC2, Config, CloudTrail, CloudFormation and others
·Strong technical knowledge of secure engineering principles, privacy (DPA / GDPR) and compliance law and standards (OWASP\ISO\ISF\NIST)
·Working knowledge of Vulnerability/compliance, Patch management, Anti-malware, Access Control Management toolsets
·Understanding of DLP/IDS/IPS technologies, ability to construct custom signatures and investigate intercepted traffic/logs
·Experience in performing security vulnerability assessments
·Experience working with and integrating automated security tools into CI/CD pipelines (eg SAST, DAST, IAST, RASP)
Please get in touch for more details!