Senior DevSecOps Engineer
Ftserussell
London, United Kingdom
6d ago

The London Stock Exchange is looking for a DevSecOps Engineer who will facilitate and enable Group Application Security to establish, operate and further develop the Team’s automated scanning capabilities.

The successful candidate will be working closely with Application Security, development teams and central CI / CD tooling teams to embed SAST and SCA tooling into build pipelines.

The ideal candidate will have a software development background and have transitioned into the Application Security domain.

You will be expected to have an adequate understanding of key security testing methodologies such as SAST, DAST, SCA, IAST and Penetration Testing, as well as their relative merits.

Previous experience in Coverity and BlackDuck roll-out will be key.

You will be expected to play a key role in evangelising the benefits of Application Security and contribute to the continuous improvement of the offerings and the team’s agenda towards ‘Shifting Left’.

Key functions of the role:

  • Roll out a centralised installation of Coverity
  • Enabling teams to consume Application Security offerings, primarily SAST and SCA, by embedding them into their BAU practices
  • Working closely with teams that manage central CI / CD to ensure automated scans are an out-of-the-box offering
  • Automating recurrent tasks
  • Produce Knowledge Transfer material
  • Evangelise Application Security as an enabler as opposed to a blocking point

Furthermore, the ideal candidate will have the following traits:

  • Critical thinker
  • Ability to work well under pressure
  • Hands-on experience in enterprise scale implementations of SAST and SCA
  • Hands-on experience in developing and maintaining tools
  • Excellent scripting skills (Python, bash, PowerShell)
  • Knowledge of CI / CD tools (Jenkins, Bamboo, TFS) and experience in integrating security tools in build pipelines
  • Hands-on experience with source control (Git, GitLab, BitBucket)
  • Hands-on experience with Configuration Management and Infrastructure as Code tools (Ansible / Terraform)
  • Knowledgeable in AWS
  • Good verbal and written communication skills, with particular ability to communicate technical concepts to non-technical audiences
  • Willing to expand skillset
  • Practical application of lessons learned into the team’s practices

Beneficial skills and experience:

  • Prior security testing experience
  • Ability to triage static analysis findings
  • Deep understanding of common as well as emerging vulnerabilities and how they manifest in different types of applications (web applications, thick clients, APIs, etc)
  • Familiarity with OWASP Top 10, SANS Top 25, NIST and ASVS
  • Familiarity with emerging testing methodologies, such as IAST

People are at the heart of what we do and drive the success of our business. Our colleagues thrive personally and professionally through our shared values of Integrity, Partnership, Innovation and Excellence, which are at the core of our culture.

We embrace diversity and actively seek to attract people with unique backgrounds and perspectives. We are always looking at ways to become more agile so we meet the needs of our teams and customers.

We believe that an inclusive collaborative workplace is pivotal to our success and supports the potential and growth of all colleagues at LSEG.

A career with London Stock Exchange Group offers you the opportunity to be at the centre of the financial community. As well as competitive salaries and a range of attractive benefits, we maximise each employee’s potential through personal development plans, training, coaching and mentoring.
