What we are looking for:
We are looking for people who live by the dev-sec-ops mantra, make complex systems simple, secure and repeatable via automation. You should be capable of jumping between different platforms from live streaming infrastructure, to big data pipeline. You should not only be able to follow the industry best practices; we would love for you be able to introduce some. This is an exciting opportunity to build the next generation cloud platform blending a mix of state-of-the-art tools / techniques.
- Major focus on 'Detecting' and 'Protecting' (NIST Cyber Framework), and automating security and supporting AWS, Akamai and On-Premises infrastructure and Kubernetes.
- Focus on improving and further automating our SDLC; continuous secure delivery / continuous secure deployment pipelines.
- Work on security reporting tools. Implementing monitoring, alerting and real-time reporting for our applications and workflows, then fixing what the tools find.
You need to be subject matter expert in:
- AWS infrastructure and services (VPC, Guard Duty, Security Groups, IAM, ...)
- Strong understanding of Linux/UNIX systems
- Coding/scripting (Bash, Python, Go etc.)
- Strong knowledge of security fundamentals, including encryption, certificates, etc.
- Strong knowledge of networking fundamentals: DNS, load balancing, NAT, etc.
- Strong experience with CI/CD and automation tools (Jenkins, Bamboo, Terraform, ...)
- Penn testing and / or ethical hacking
- Understanding of container security
- Understanding of the common information security management frameworks such as International Standards Organisation, 27001, 27018 and NIST
- AWS Certifications
- Security certification e.g. CISSP
- Familiarity with content delivery networks (CDNs) and web service architectures
- Familiarity with system and application performance tuning
- Any contribution to Open Source Community is highly valued
Contact Ged Wilson for more information