The security engineer role works to improve the security controls posture of our clients by translating architecture designs into functioning` security controls.

The security engineer will have hand on experience with cloud, CI/CD, security test automation, containerisation, AppSec tooling, and SaaS-based deployments. In addition, the security engineer is expected to quickly understand vendor solutions used by clients and be able to interact with client technology and security teams. Strong coding experience is desired as well (such as Python, Java, Go, JavaScript, Bash, and PowerShell).

 The Security Engineer will:

• Understand technical security concepts and be able to practically apply them in client environments; 

• Be proficient in modern development and deployment practices such as infrastructure as code, and continuous integration and continuous delivery;

• Strong understanding in at least one major cloud platform (AWS, Azure, GCP);

• Be able to pick up new technologies when client requirements apply (WAFs, firewalls, routers, switches, and other security appliances);

• Understand concepts of security operations; Be willing to at times go high level to discuss security posture with less technical clients and colleagues;

• Review security significant stories to assess completeness and safety against the acceptance criteria;

• Understand how development processes work and review contributions to projects for security acceptance; Can call out flaws in a process, solution, or implementation; and

• Identifies security automation opportunities where possible to allow security self-service on some projects.

 Technical knowledge and hands-on capability required in the below areas:

• DevSecOps and DevOps tools and frameworks; 

• Privileged access management and IAM; 

• Vulnerability and configuration scanning (SCA, SAST tools, container); 

• Secrets and cryptographic key management; 

• Application security such as OS hardening; WAF; web application security; API security; authorisation etc; 

• Data and DB security, hardening, and encryption and key management; and

• Network security/encryption in transit