SecOps Engineer

We're looking for a SecOps Engineer to help us achieve cyber resiliency in our infrastructure. You will be responsible for ensuring security standards are set and adhered to for operational excellence in the areas of availability, productivity, capacity, and efficiency.

Responsibilities:

  • Define and execute the company’s strategy for secure infrastructure, applications and third-party vendors
  • Understand the tooling behind the security
  • Analyse, identify and remediate security weaknesses in cloud infrastructure
  • Build cyber resiliency in our cloud infrastructure
  • Consult on security-critical infrastructure and system features
  • Champion improvements to the company’s security controls, identifying automation opportunities and tools that could improve the ability to detect and react to events
  • Internal infrastructure network testing, mainly within Kubernetes clusters
  • Vulnerability assessment (VMs, container images)
  • Container runtime security
  • Web application security testing (ability to identify vulnerabilities within the OWASP Top Ten)
  • Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST); mainly automated, but some manual work is required to eliminate false positives
  • Mobile Application Security Testing (MAST)
  • Participate in security code reviews
  • Develop KPIs to show how many issues were found and how many were fixed
  • Participate in security architecture reviews
  • Assist with automation to help development and operations consume security services

Requirements:

  • Experience with Application Security Tools (SAST, DAST, SCA)
  • Knowledge of threat modelling and security design review methodologies
  • Promoting security knowledge sharing within technical organisations
  • Assisting in the design of enhancements to the cloud security strategy by identifying and alerting on appropriate event types
  • Managing CI/CD security strategy with integration of Security as Code (SaC) and Policy as Code (PaC)

Nice-to-haves:

  • Ability to carry out manual code security review (this would mean some knowledge of JavaScript, Java, PHP, Go, C#, Python, Terraform, HTML, XML and CSS)
  • Experience in helping an organisation to meet the PCI DSS and SOC-2 compliance standards
  • Experience in Kubernetes
  • AWS/GCP exposure

Qualification:

  • Bachelor’s or master’s degree in Computer Science, Information Technology, or a related field, or 1 year of equivalent practical Information Security professional experience.
  • 1+ years of Information Technology experience with a focus on Security.
  • 1+ years of experience in Cloud Administration, Networking, or another operations-related field.
  • Candidates should have exceptional troubleshooting and problem-solving skills.
  • Experience engineering and operating public-facing infrastructure.
  • Knowledge of integrating crucial security tasks into CI/CD pipelines.

Please attach your latest resume in PDF format while applying.
