27 days holiday
Buy or sell holidays
Regular social events
£350 Christmas vouchers
Birthday off work
What to expect
About the role
We are looking for an experienced Lead DevSecOps / Security Engineer to drive the culture of Security-as-Code within the Technology organisation, making sure we deliver best practice in application security across Commify.
You will design and execute a plan to deliver best practices in application and infrastructure security across our platforms, both on-premise and within Azure. You will closely work with the engineering teams and senior stakeholders across the business to build a world-class SDLC.
Perhaps you are working as a security engineer at a medium-sized company. You are looking to join a similar-sized team where you can own and drive the security roadmap and have a big impact on the entire group and our customers. You are organised, process-oriented and able to work independently to complete tasks and projects. You are a great communicator, used to interacting with many different parts of a business.
We make business communication brilliant! We work with more than 45,000 companies, helping them to transform their mobile communication with their customers and employees. Our success is the result of hundreds of talented people pulling together to achieve a common goal. Join our team and be part of our success story.
You will thrive in an environment of passion, integrity, ownership and innovation, where development and progression are a real focus. We’d like to think we have everything you’d expect from a benefits package, from 27 days holiday and your birthday off work, to private medical cover, dental cover and bi-monthly social events! On top of this you can expect £350 of Christmas vouchers and added extras like beer o’clock and an amazing Christmas party.
What you’ll be doing
- Work in a fast-paced environment with cross-functional stakeholder engagement to define and deliver the DevSecOps strategy and roadmap required to meet the growth and scale of our platforms
- Design, develop, and operationalise monitoring, correlation, and alerting capabilities for our infrastructure and applications to identify suspicious or abnormal behaviour
- Increase application security using tooling to detect and flag vulnerabilities in our CI/CD pipelines to provide faster feedback to engineers
- Coach and mentor engineers on cyber-security best practices; holding regular guilds to focus on prevention and awareness
- Research and suggest new services, technologies and methodologies; promoting the evolution of our DevSecOps processes
- Improve and enhance incident detection and response capabilities while building tools and frameworks for automating these capabilities
- Identify and track vulnerabilities within the platform and infrastructure, ensuring stories are created to remediate risks within an acceptable time frame
- Help perform threat modelling across our platform and infrastructure integrations
What we’re looking for
We’re interested in hearing from candidates with extensive experience in a Lead DevSecOps / Security Engineer role, working with distributed engineering teams to implement infrastructure and application security best practices. We’re also interested in hearing from candidates who have:
- In-depth knowledge of security best practices within the Microsoft Azure stack
- Experience in developing security tools, processes and telemetry to improve threat detection and threat mitigation
- Experience with incident and response management around security threats and vulnerabilities
- In-depth understanding of the OWASP top 10 security risks and how best to mitigate them
- Experience of maturing monitoring, threat detection, and response capabilities, including automating cumbersome manual processes
- Great communication skills; comfortable interacting with many different parts of a business/stakeholder group
- Knowledge and understanding of various disciplines such as security engineering, system and network security, authentication and security protocols, and cryptography
- Experience with implementing tooling and static code analysis to detect and flag vulnerabilities as part of our CI process
- Experience using GitHub with a firm understanding of various branching/merging strategies
It would be great if you also had:
- Experience of implementing proven security testing frameworks into high throughput environments
- Knowledge of Infrastructure security best practices within IaC, ideally Terraform
- Experience with external security audits and certification procedures
What to do next
To apply please send your CV to firstname.lastname@example.org by 8th November 2020.
We’re committed to building a team with a variety of backgrounds, views and skills, embracing our key values. The more diverse and inclusive we are, the stronger we are as a team. We encourage applications from all candidates with the relevant skills and experience.