We are looking for a Cloud Security Engineer for an ambitious and growing Cyber Security client in West London, with some remote working.
You will work to improve product security processes and tooling, across cloud deployments. Your work will help shape and implement the Secure Software Development Lifecycle (SSDL).
This job requires both hands on security work and high level planning and prioritisation.
Work will include all aspects of the SSDL and you will support the product teams by:
Using modeling and analysis to direct testing of software, systems and processes for vulnerabilities
Finding security flaws either by development or by use of existing tools, as well as driving tools to deliver on a test plan of your devising
Dealing with vulnerabilities when they have been found, including suggesting fixes and identifying process failures that led to vulnerabilities being present
Repeating the above and continuously improving on it.
We are looking for someone who can show empathy towards the development process. You will be able to work creatively to improve security in a way that fits the product teams, but be a leader and shape the process when it's inadequate.
Useful experience and skills:-
You will have several years experience doing security work. You're not expected to have all of the following skills, but they will be useful in performing your job.
Practical understanding of how data is protected at rest and in transit, including the particulars of TLS, PKI, encryption, key management, identity management and RBAC.
Familiarity with common problems found in software development - and mitigations in different circumstances. Think OWASP Top Ten.
Enthusiastic about writing threat models, and have kept them up to date as projects changed in previous roles.
Knowledge of securing a cloud environment, including Kubernetes. Experience specifically with Google Cloud and GKE is a plus.
Experience with the software build process, static analysis and understanding of the benefits of Continuous Integration.
Understanding of security testing, for example using tools such as OWASP Zap, Burp Suite or Nmap.
It's not expected that you would be familiar with Go (or any of the other languages we use) but you should be an enthusiastic programmer willing to learn new things
Mayflower is acting as an Employment Agency in relation to this vacancy.
This job was originally posted as www.totaljobs.com/job/90774264