Lead DevSecOps Engineer

Our Benefits

City location

Private healthcare

27 days holiday

Buy or sell holidays

Bonus scheme

Pension scheme

Regular social events

£350 Christmas vouchers

Loyalty awards

Birthday off work

What to expect

About the role 

We are looking for an experienced Lead DevSecOps / Security Engineer to drive the culture of Security-as-Code within the Technology organisation, making sure we deliver best practice in application security across Commify.

You will design and execute a plan to deliver best practices in application and infrastructure security across our platforms, both on-premise and within Azure. You will closely work with the engineering teams and senior stakeholders across the business to build a world-class SDLC.

Perhaps working as a security engineer at a medium-size company. You are looking to join a similar sized team where you can own and drive the security roadmap and have a big impact on the entire group and our customers. You are organised, process-oriented and able to work independently to complete tasks and projects. You are a great communicator, used to interacting with many different parts of a business.

About Commify

We make business communication brilliant! We work with more than 45,000 companies, helping them to transform their mobile communication with their customers and employees. Our success is the result of hundreds of talented people pulling together to achieve a common goal. Join our team and be part of our success story. 

You will thrive in an environment of passion, integrity, ownership and innovation, where development and progression is a real focus. We’d like to think we have everything you’d expect from a benefits package, from 27 days holiday and your birthday off work, to private medical cover, dental cover and bi-monthly social events! On top of this you can expect £350 of Christmas vouchers and added extras like beer o’clock and an amazing Christmas party.

What you’ll be doing

You will:

  • Work in a fast-paced environment with cross-functional stakeholder engagement to define and deliver the DevSecOps strategy and roadmap required to meet the growth and scale of our platforms
  • Design, develop, and operationalise monitoring, correlation, and alerting capabilities for our infrastructure and applications to identify suspicious or abnormal behaviour
  • Increase application security using tooling to detect and flag vulnerabilities in our CI/CD pipelines to provide faster feedback to engineers
  • Coach and mentor engineers on cyber-security best practices; holding regular guilds to focus on prevention and awareness 
  • Research and suggest new services, technologies and methodologies; promoting the evolution of our DevSecOps processes
  • Improve and enhance incident detection and response capabilities while building tools and frameworks for automating these capabilities
  • Identify and track vulnerabilities within the platform and infrastructure, ensuring stories are created to remediate risks within an acceptable time frame
  • Help perform threat modelling across our platform and infrastructure integrations

What we’re looking for

We’re interested in hearing from candidates with extensive experience within a Lead DevSecOps / Security Engineer role working with distributed engineering teams to implement infrastructure and application security best practices. As well as this we’re interested in hearing from candidates who have;

  • In-depth knowledge of security best practices within the Microsoft Azure stack 
  • Experience in developing security tools, processes and telemetry to improve threat detection and threat mitigation
  • Experience with incident and response management around security threats and vulnerabilities
  • In-depth understanding of the OWASP top 10 security risks and how to best mitigate against them
  • Experience of maturing monitoring, threat detection, and response capabilities, including automating cumbersome manual processes
  • Great communication skills; comfortable interacting with many different parts of a business/stakeholder group
  • Knowledge and understanding of various disciplines such as security engineering, system and network security, authentication and security protocols, and cryptography 
  • Experience with implementing tooling and static code analysis to detect and flag vulnerabilities as part of our CI process
  • Experienced using GitHub with a firm understanding of various branching/merging strategies 

It would be great if you also had:

  • Experience of implementing proven security testing frameworks into high throughput environments
  • Knowledge of Infrastructure security best practices within IaC, ideally Terraform
  • Experience with external security audits and certification procedures

What to do next

To apply please send your CV to recruitment@esendex.com by 8th November 2020.

Diversity

We’re committed to building a team with a variety of backgrounds, views and skills, embracing our key values. The more diverse and inclusive we are, the stronger we are as a team. We encourage applications from all candidates with the relevant skills and experience.

The legal stuff

Esendex is committed to protecting the privacy and security of your information. Personal information submitted as part of the recruitment and selection process will only be used for these purposes. We will retain information for up to 12 months, after which it will be deleted or destroyed. For full information about your rights in relation to your data, please see our full Recruitment Privacy Policy here.