IT Security Salesforce Engineer

Overview

My client, a Professional Services company, is looking for an IT Security Salesforce Engineer to join their client (in the Insurance sector) on site in London (2/3 days per week).

Role

As a Security Engineer, you'll provide hands-on technical expertise to guide software development, delivery and continuous improvement with a focus on risk and security. You'll help evolve our new Digital Platform so that it is secure and compliant with both internal and industry regulations. You will analyse new feature code to identify security risks and work with engineers to mitigate them, applying modern security standards such as OWASP CI/CD, DSOMM, SAMM and Cloud Security Posture management systems such as Azure Defender and Prisma Cloud.

Responsibilities

• Analyse new feature code to identify security risks and work with engineers to mitigate these
• Deliver improvements to our DSOMM score, either working with teams or directly taking responsibility for tasks (writing code, configuration, tooling, documentation)
• Work with our Information Security teams to ensure Security policies are implemented in the most efficient and flexible manner
• Design, build, operate monitoring and alerting technology for large, complex multi-site B2C and B2B applications
• Design, build, operate and optimise logging technology so that more and more data can be gathered about sites' holistic performance and reliability
• Contribute to definition of, adhere to & uphold coding standards and our software delivery lifecycle to ensure the delivery of secure, quality systems

Qualifications

• Engineering expertise in complicated Salesforce environments. Experience with Copado for CI/CD is a plus
• Exposure to Cloud Native software development, including cloud infrastructure and API design (Azure preferred)
• Experience with modern standards such as OWASP CI/CD, DSOMM, SAMM; experience with Cloud Security Posture management systems such as Azure Defender, Prisma Cloud (preferred)
• Expertise with SAST & SCA systems such as Snyk, Checkmarx (essential), including policy
• Comfortable working with teams to develop Threat Models as part of risk assessment (preferred), including remediation plans
• Experience with DAST systems such as OpenZAP, Qualys DAST (preferred), ideally with HTTP APIs
• Experience with API security models, including OAuth2 and Zero Trust concepts (preferred)
• Experience with Azure DevOps and multi-stage pipelines. Managing large-scale software estates from an operational perspective (build, release, monitoring, rollbacks, High Availability, etc.)
• Strong networking protocol knowledge (TCP/IP, UDP, HTTP/3, AMQP, streaming protocols, etc.), cloud network design (VPNs, subnets, regions/zones, etc.), and integration-related technologies (e.g., Auth0, API Management)
• Experience in hands-on building of automated security test suites

About the job

Contract Type: Permanent

Focus: Information Security

Workplace Type: Hybrid

Experience Level: Senior Management

Location: London

Salary: £90,000 - £125,000 per annum

Industry: Banking

Company: Robert Walters

How to apply

If the above is of interest please message on or call . Robert Walters Operations Limited is an employment business and employment agency and welcomes applications from all candidates.