Senior Security Engineer - Devops - Python/.NET - IaaS - Investment Banking (trading) - PERMANENT

Senior Security Engineer - Devops - Python/.NET - IaaS - Investment Banking (trading) - PERMANENT

PURPOSE AND SUMMARY

As a Senior Security Engineer, you will be working in the InfoSec Exposure Management (which also includes Vulnerability Management) team, and will be responsible for:

• managing internal and external exposure & vulnerability tooling,
• working with various technology teams to automate and integrate various data sources that will help with technical risk calculation and risk reporting.

The role is critical to minimising the risk of business disruption, reputational damage, and customer impact.

ESSENTIAL DUTIES AND RESPONSIBILITIES

• Identify and automate the collection on data point to continuously:
• discover external assets or digital footprint
• discover internal assets or digital footprint
• evaluate the vulnerability exposure
• calculate the technical vulnerability risk by using asset and threat Intel data
• Automate the reporting and alerting of technical vulnerability risk to different stakeholders
• Automate the creation of security KRI and KPI.
• Automate security policy enforcement rules
• Review and optimize processes to ensure complete coverage of environment
• Automate the collection of technical vulnerabilities across:
• Classic Infrastructure or Cloud (AWS),
• Operating Systems,
• Web Applications,
• APIs

SKILLS & EXPERIENCES ASSESSMENT

As an experience Senior Security Engineer, you will have:

• Good understanding of modern engineering patterns and tools.
• Practical experience with Infrastructure as Code and Continuous Delivery, and particularly with implementing them securely, and successfully encourages their adoption.
• Experienced writing production code in at least one modern high-level language, such as Python, Node, or .NET.
• Good understanding of Exposure & Vulnerability Management for Classic environments and XaaS platforms
• Good understanding of Web Application Security frameworks, common vulnerabilities and associated remediations
• Frameworks and methodologies such as CVSS, CIS Benchmarking, OWASP, MITRE
• Ability to work with large datasets and automate the analysis of the potential impact on Instinet security posture.

JOB KNOWLEDGE, QUALIFICATIONS AND EDUCATION

• Attack Surface Management tools
• Vulnerability Management tools
• Working knowledge/experience with REST APIs
• SecOps, DevSecOps experience
• Experience with data aggregation, visualization and analytics tools

By applying to this job you are sending us your CV, which may contain personal information. Please refer to our Privacy Notice to understand how we process this information. In short, in order to supply you with work finding services, we will hold and process your personal data, and only with your express permission we will share this personal data with a client (or a third party working on behalf of the client) by email or by upload to the Client/third parties vendor management system. By giving us permission to send your CV to a client, this constitutes permission to share the personal data that would be necessary to consider your application, interview you (Phone/video/face to face) and if successful hire you.

Scope AT acts as an employment agency for Permanent Recruitment and an employment business for the supply of temporary workers. By applying for this job you accept the Terms and Conditions, Data Protection Policy, Privacy Notice and Disclaimers which can be found at our website.