DevSecOps Engineer

Posted 9 days 11 hours ago by Robert Walters UK

Permanent
Full Time
Other
London, United Kingdom
Job Description

My client, a Professional Services company, is looking for an IT Security Engineer to join their client (in the Insurance sector) on site in London (Kent to be exact). Please note I am away from Thursday 14th August - Wednesday 20th August.

About the IT Security Engineer Role:

As a Security Engineer, you'll provide hands-on technical expertise to guide software development, delivery, and continuous improvement with a focus on risk and security. You'll help evolve our new Digital Platform to ensure it is secure and compliant with internal and industry regulations. You will analyze new feature code to identify security risks and work with engineers to mitigate them, applying modern security standards such as OWASP CI/CD, DSOMM, SAMM, and cloud security posture management systems like Azure Defender and Prisma Cloud.

What you will be doing:

  • Analyze new feature code to identify security risks and work with engineers to mitigate these.
  • Deliver improvements to our DSOMM score, either working with teams or directly taking responsibility for tasks (writing code, configuration, tooling, documentation).
  • Work with our Information Security teams to ensure security policies are implemented efficiently and flexibly.
  • Design, build, and operate monitoring and alerting technology for large, complex multi-site B2C and B2B applications.
  • Design, build, operate, and optimize logging technology to gather comprehensive data on sites' performance and reliability.
  • Contribute to defining, adhering to, and upholding coding standards and our software delivery lifecycle to ensure the delivery of secure, quality systems.

What you'll bring:

  • Engineering expertise in complex Salesforce environments. Experience with Copado for CI/CD is a plus.
  • Exposure to Cloud Native software development, including cloud infrastructure and API design (Azure preferred).
  • Experience with modern standards such as OWASP CI/CD, DSOMM, SAMM, and cloud security posture management systems like Azure Defender and Prisma Cloud.
  • Expertise with SAST & SCA systems such as Snyk and Checkmarx, including policy management.
  • Ability to develop Threat Models as part of risk assessment, including remediation plans (preferred).
  • Experience with DAST systems such as OpenZAP and Qualys DAST, ideally with HTTP APIs (preferred).
  • Knowledge of API security models, including OAuth2 and Zero Trust concepts (preferred).
  • Experience with Azure DevOps, multi-stage pipelines, and managing large-scale software estates from an operational perspective (build, release, monitoring, rollbacks, High Availability).
  • Strong networking protocol knowledge (TCP/IP, UDP, HTTP/3, AMQP, streaming protocols), cloud network design (VPNs, subnets, regions/zones), and integration technologies (e.g., Auth0, APIM).
  • Hands-on experience building automated security test suites.

If interested, please message me at or call .

Robert Walters Operations Limited is an employment business and agency, welcoming applications from all candidates.