Senior DevSecOps Engineer

Company Description

OUTsurance is a customer-centric financial services company with a global footprint. We are vibrant, successful and values orientated with an awesome dynamic culture encapsulated by the ethos that clients and staff “always get something OUT.” Our success can be attributed, amongst other things, to the outstanding people that work for us.

Job Description

We are seeking a highly experienced Senior DevSecOps Engineer to join our team. The ideal candidate will have a strong background in software development, security, and operations, with experience in leading teams and driving DevSecOps initiatives.

Responsibility: DevOps (40%)

• Maintain & Administer Cloud Development Infrastructure
• Automate Deployments in Azure & On-Premises Environments
• Improve Automation of Security Controls
• Work with the dev team to ensure that security standards and policies are being set up and configured correctly.

Responsibility: SecOps (50%)

• Identify, implement, and maintain security tools and technologies.
• Participate in regular security reviews and assessments of the infrastructure, applications, and processes.
• Up to date knowledge of security testing methodologies, tools, and frameworks (OWASP, IST, SANS, etc.)
• Schedule (and ideally automate) Vulnerability scans and tests, remediate findings and ensure accurate reporting to satisfy regulatory compliance.
• Perform quarterly penetration tests of all deployed projects and ensure implementation of items identified in remediation plans.
• Software dependency scanning.

Responsibility: Knowledge sharing & documentation (10%)

• Host the secure development forum for OUTsurance.
• Communicate effectively with stakeholders at all levels of the organization, including technical and non-technical audiences.
• Develop and maintain security policies, procedures, and guidelines for development, deployment, and operations.

Qualifications

• 3 Years industry specific experience & Minimum 5 Years in Technology & Software
• Experience drafting and implementing security policies, security procedures, security design and implementation.
• Extensive knowledge of DevSecOps principles, practices, and tools, including containerization, orchestration, and automation
• Experience with cloud platforms (AWS, Azure, GCP) and infrastructure-as-code tools (Terraform)
• Familiarity with operational observability, including monitoring, log aggregation, application performance monitoring, etc.
• Solid knowledge of IT security (FortiGate Firewalls, Local Traffic Managers, SIEM, SOAR, EDR, XDR)
• Knowledge in security classification frameworks like MITRE or the cyber-attack kill chain and Open Threat Networks
• Knowledge of security testing methodologies, tools, and frameworks (OWASP, NIST, SANS, etc.)
• Experience with security compliance frameworks (PCI DSS, HIPAA, GDPR, etc.)
• Great knowledge and understanding of Secure Code Development practices and tools such as SonarQube, AquaSec, Harbor, etc.

Additional Information

An ideal candidate will be able to align their personal work values to the OUTsurance values of Awesome Service, Passionate, Honest, Human, Dynamic and Recognition. Enthusiastic in dealing with challenges in a stressful, deadline orientated environment is essential.