Senior DevSecOps Engineer

This job is no longer active!

View all jobs LSEG Romania active

View all jobs Senior DevSecOps Engineer active on

View all jobs IT Hardware active on

View all jobs IT Software active on

Employer: LSEG Romania
  • IT Hardware
  • IT Software
  • Job type: full-time
    Job level: peste 5 years of experience
  • Updated at: 24.03.2020

    DevSecOps Engineer


    The London Stock Exchange is looking for a DevSecOps Engineer who will facilitate and enable Group Application Security to establish, operate and further develop the Team’s automated scanning capabilities. The successful candidate will be working closely with Application Security, development teams and central CI/CD tooling teams to embed SAST and SCA tooling into build pipelines.

    The ideal candidate will have a software development background and have transitioned in the Application Security domain. will be expected to have adequate understanding of key security testing methodologies such as SAST, DAST, SCA, IAST and Penetration Testing, as well as their relative merits. Previous experience in SAST and SCA roll-out will be key.

    You will be expected to play a key role in evangelising the benefits of Application Security and contribute to the continuous improvement of the offerings and the team’s agenda towards ‘Shifting Left’.

    Key Functions of the role:

    • Enabling teams to consume Application Security offerings, primarily SAST and SCA, by embedding them into their BAU practices
    • Working closely with teams that manage central CI/CD to ensure automated scans are an out-of-the-box offering
    • Automating recurrent tasks
    • Produce Knowledge Transfer material
    • Evangelise Application Security as an enabler as opposed to a blocking point

    Furthermore, the ideal candidate will have the following traits:

    • Critical thinker
    • Ability to work well under pressure
    • Hands-on experience in enterprise scale implementations of SAST and SCA
    • Hands-on experience in developing and maintaining tools
    • Excellent scripting skills (Python, bash, PowerShell)
    • Knowledge of CI/CD tools (Jenkins, Bamboo, TFS) and experience in integrating security tools in build pipelines
    • Hands-on experience with source control (Git, GitLab, BitBucket)
    • Hands-on experience with Configuration Management and Infrastructure as Code tools (Ansible / Terraform)
    • Knowledgeable in AWS
    • Good verbal and written communication skills, with particular ability to communicate technical concepts to non-technical audiences
    • Willing to expand skillset
    • Practical application of lessons learned into the team’s practices

    Beneficial skills and experience:

    • Prior security testing experience
    • Ability to triage static analysis findings
    • Deep understanding of common as well as emerging vulnerabilities and how they manifest in different types of applications (web applications, thick clients, APIs, etc)
    • Familiarity with OWASP Top 10, SANS Top 25, NIST and ASVS
    • Familiarity with emerging testing methodologies, such as IAST