We are looking for a DevSecOps/AppSec Specialist to work as part of the Cyber Assistance Team, providing expert hands-on cyber security support to our development teams across the organistaion. You will be working to find better ways to defend and protect the development pipeline by building automation into processes and building in AWS and Azure native safeguards where appropriate. Details:
As a DevSecOps/AppSec Specialist you will:
- 6 month initial contract - likely to extend
- Inside IR35
- London/National - remote working
- Up to £600 per day
- Full Job description available, please apply here for more details
As a DevSecOps/AppSec Specialist the Required Experience:
- Implement consistent DevSecOps best practices for the MoJ organisation.
- Develop, maintain and automate security tools and techniques to implement a secure software development lifecycle (SDLC), providing continuous assurance that systems are protected against common threats.
- Lead and participate in workshops to raise awareness of security vulnerabilities and mitigations available to teams.
- Help to address product security requirements by deploying homegrown and off-the-shelf tools.
- Coordinate with developers and product management to ensure these tools are fit for purpose.
- Drive improvements in teams that ultimately improve audit outcomes.
- Collaborate with internal and external DevOps Teams to advocate software security practices and with Cloud Security and Security Architects in maintaining/extending Cloud Security patterns and use cases.
- Communicate security findings to stakeholders in a clear and actionable fashion, focusing on real-world impact and with pragmatic options for resolution.
- Maintaining good practice around code repo's (like Github), identifying and remediating weaknesses in Open Source libraries.
- You have successfully established relationships with development teams based on collaboration, emotional intelligence, and pursuit of excellence.
- You have experience of techniques like SCA, SAST, DAST, IAST etc to the development pipeline.
- You have experience of modern development practices, cloud and container technologies such as Docker and Kubernetes.
- You have knowledge of lightweight Threat Modelling techniques.
- You have experience with infrastructure as code - Terraform, AWS CodePipeline, etc.
- You have hands-on experience with CI/CD tools like Jenkins and CircleCI.
- Experience working in AWS and/ or Azure.
If you are interested to in this DevSecOps/AppSec Specialist contract, please apply here and we'll be in touch within 48 hours.
This job was originally posted as www.cwjobs.co.uk/job/94519213