DevSecOps Engineer

Here at esure, we're no strangers to change. As one of the industry leaders in the insurance business, striving to become a world class digital insurer, we're getting ready for more. It's creating great new opportunities for innovative and talented industry professionals to join us at a pivotal point in our development.

It's an opportunity you simply don't want to miss. You can expect our investment in you to include a highly competitive package, career and development opportunities and flexible benefits built around you and your lifestyle.

Day to Day Duties:

• Acting as the central point of contact within the business with regards to information security in the Cloud
• Implement security strategies within CI/CD pipeline
• Collaborate with multiple DevOpSquads to advocate security practices
• Collaborate with Cloud Security and Security Architects in maintaining/extending Cloud Security patterns and use cases.
• Continually review and extend Cloud Security Playbooks and preventative controls
• Collaborate with internal and external DevOps teams and where necessary provide guidance of adopting security by design and if necessary, remediate identified vulnerabilities
• Support the development of security operations for monitoring, testing, and where necessary conduct Cloud implementation audits
• Where appropriate support Incident Response team

Essential

• Continual passion to learn and inspire
• You will need to have a good background in DevOps practices working with CI/CD pipelines, e.g. Jenkins, Gitlab CI
• Cloud Platforms particularly AWS; Solid experience and background working with AWS services (EC2, EKS(K8), VPC, ELB, S3, RDS, Lambda, SNS, ELK, etc.)
• Proficiency with Python, Terraform and AWS CLI
• Experience of API integration and Security techniques
• Knowledge of AuthN/AuthZprotocols, such as OpenID Connect, OAuth, SAML and AD;
• Awareness of vulnerability management and penetration testing tools, such as NMAP, Nessus, Qualys, Burp, ZAP, Kali Linux, or Metasploit
• Computer Science degree or related experience

Desirable

• AWS Security Specialist qualification is desirable
• Application Security knowledge
• You may have experience with application security tooling (SAST, DAST etc.)
• OCI / Provenance and security inspection/test tools
• Apache Ranger
• Data driven pipelines
• Risk modelling concepts (e.g. STRIDE/DREAD)
• Working with Data platform engineers

Benefits

• 25 days holiday plus bank holidays
• 25% discount on esure & Sheila's Wheels insurance (10% for immediate family) or a guarantee to beat any other insurer's renewal quote on both home and car insurance
• 15% Discount on esure and Sheila's Wheels Travel Insurance
• Discretionary Bonus
• Festive Bonus
• BUPA - Private medical cover for eligible colleagues
• Flu Jabs and Eye Care - Free flu jabs every winter, free eye tests every two years and £50 towards VDU glasses

In light of the current Covid-19 pandemic, we want to emphasise to all applicants that the safety and wellbeing of our candidates and colleagues is esure Group's number one priority. All interviews will be conducted remotely via a video conference platform to ensure that everyone involved is adhering to the social distancing guidance.