Brickendon Consulting - DevSecOps Engineer (5-8 yrs)

Company Description :

Brickendon is an award-winning global transformational management and technology consultancy specializing in delivering change in complex, highly regulated environments.

With expertise in financial services and the public sector, we empower business and IT leaders to turn strategy into operational reality.

Our global locations have generated over $250 million in sales revenue, delivering $1.5 billion in operational value for our clients.

Job Description :

We are looking for DevSecOps Engineer for 6 Months Contract to Join our dynamic team at Brickendon.

The DevSecOps Engineer will be responsible for day-to-day tasks related to securing and automating the building, deployment, and maintenance of software applications.

Contract duration : 6 months

Work schedule (Remote/Hybrid/Onsite) : Remote

Shift involved (Regular/Rotational) : UK Timings

Key Responsibilities :

- SecOps Standards : Develop and update application security standards, secure coding principles, and threat modelling processes.

- Application Security Support : Provide application security support to development teams, including reviewing and explaining application security tools and processes, providing vulnerability explanations and remediation guidance.

- Vulnerability Assessment : Leverage automated tools and manual testing methods to identify vulnerabilities in codebase and engage in Static and Dynamic application security testing and engage in security automation efforts and process improvements.

- Penetration Testing : Exposure to web application and APIs application penetration tests. And conduct network and cloud penetration tests to identify security weaknesses.

- Security Monitoring & Incident Response : Deploy and manage security tools, detect threats, prevent sensitive data leaks and address incidents.

- Infrastructure & Cloud Security : Safeguard infrastructure on AWS, GCP, or Azure, focusing on encryption, IAM, and network security.

- Security Automation : Integrate security into CI/CD pipelines and automate compliance checks.

- Compliance & Governance: Ensure adherence to security regulations (e., GDPR, SOC 2, ISO 27001).

- Stay updated on emerging threats and apply security best practices.

Qualifications :

Education : Bachelor's or Master's degree in Computer Science, Cybersecurity, or related field.

Experience :

- Minimum of 3-5 years in DevSecOps or security engineering, with a focus on cloud security.

- Proficiency in DevSecOps operations and Application Security.

- Familiarity with "secure by design" and "shift left" security principles.

- Strong knowledge of software security risks and threats (OWASP top 10).

- Secure Software Development Lifecycle (SDLC) knowledge.

- Experience with application security tools such as Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA).

- Strong scripting skills (Python, Bash) for security automation.

- Proficient with cloud-native and containerized platforms with proven experience on Kubernetes (EKS), Jenkins, Docker, Terraform, etc.

- Excellent communication skills for cross-functional collaboration.

Preferred Certifications :

- Cybersecurity certifications such as CEH, Certified DevSecOps Engineer, AWS Security, CompTIA Security+ or relevant certification.

- Background in DevSecOps and integrating security into SDLC, Application security.