Cyber Security, DevSecOps Engineer

WPP is the creative transformation company. We use the power of creativity to build better futures for our people, planet, clients, and communities.

Working at WPP means being part of a global network of more than 115,000 accomplished people in 110 countries. WPP has headquarters in New York, London and Singapore and a corporate presence in major markets worldwide.

We create transformative ideas and outcomes for our clients through an integrated offer of communications, experience, commerce, and technology.

WPP and our award-winning agencies work with most of the world's biggest companies and organisations – from Ford, Unilever and P&G to Google, HSBC, and the UN. Our clients include 61 of the FTSE 100, 307 of the Fortune Global 500, all 30 of the Dow Jones 30 and 62 of the NASDAQ 100. WPP are the leader in the Bloomberg Gender Equality Index and 20th in the FTSE 100 rankings for Women on Boards.

Why we're hiring:

The Cyber Security DevSecOps Security Engineer reports to the DevSecOps Lead and will be WPP IT Cyber Security’s primary interface with allocated business areas operating in the DevOps space.

As part of a team of 4, implementing sec the role holder will be responsible for supporting the delivery and adoption of cyber security services within those operating companies as allocated. They will be required to build strong professional relationships and become a ‘trusted’ advisor on all matter’s DevSecOps related, providing services to key stakeholders including Developers, Business Leads, Operational Assurance Leads.

The role holder will have proven experience working in a security-as-code culture within a large organisation, implementing tooling, installing best practice in infrastructure and software security across the business platforms.  Applicants will be used to working proactively to identify security risks, issues and vulnerabilities within business tooling including CI/CD pipelines. Collaborating with Engineering and Development teams, coaching\advising on cyber-security best practices.

The role holder will work with the DevSecOps leadership to embed the right processes, tools and culture within the teams and be confident to make recommendations to senior stakeholders, as well as conducting top to bottom security audits and managing the delivery of changes required to achieve industry recognised certifications.

The role holder will successfully promote the further adoption of centralised security services and drive consistency and continual improvement across our business areas.

What you'll be doing:

• Act as subject matter expert for assigned businesses.
• Implementation of DevSecOps security controls and tooling.
• Support the Senior DevSecOps Lead in the uptake and delivery of centralised security services.
• Oversee the improvement and standardisation of security controls.
• Collect, aggregate, interpret and present security metrics to aid management reporting.
• Drive compliance to relevant security charters, policies, and standards across the business.

What you'll need:

Qualification Requirements

• MSC Information Technology degree (desirable but not essential).
• CISSP or similar (desirable but not essential).

Skills / Experience Requirements

• A broad understanding of cyber security capabilities, tools, processes, and frameworks.
• Be versatile and proactive.
• Be able to influence internal and external stakeholders.
• Able to manage multi-stakeholder projects and overcome challenges.
• Have excellent analytical, diplomatic and communications skills.
• 3-5 years of experience working in a DevSecOps engineering environment.
• Usage of CI\CD processes including the integration of security & quality tooling.
• Knowledge of DevSecOps processes and tools (Ansible, Jenkins, Git, Azure DevOps, Wiz, Snyk)
• Security Scanning tools (Static Code Analysis, Opensource and Container Scanning tools).
• Experience in working within modern application development and engineering teams using DevOps & Agile methodologies.
• Experience understanding of code versioning tools e.g Github, Github Actions, Terraform, Kubernetes, Containers, Python.
• Proficient with cloud platforms (AWS/GCP/Azure).

Who you are:

You're open: We are inclusive and collaborative; we encourage the free exchange of ideas; we respect and celebrate diverse views. We are accepting: of new ideas, new partnerships, new ways of working.

You're optimistic: We believe in the power of creativity, technology and talent to create brighter futures or our people, our clients and our communities. We approach all that we do with conviction: to try the new and to seek the unexpected.

You're extraordinary: we are stronger together: through collaboration we achieve the amazing. We are creative leaders and pioneers of our industry; we provide extraordinary every day.

What we'll give you:

Passionate, inspired people – We promote a culture of people that do extraordinary work.

Scale and opportunity – We offer the opportunity to create, influence and complete projects at a scale that is unparalleled in the industry.

Challenging and stimulating work – Unique work and the opportunity to join a group of creative problem solvers. Are you up for the challenge?

WPP is an equal opportunity employer and considers applicants for all positions without regard to race, color, religion or belief, sex, age, national origin, citizenship status, marital status, military/veteran status, genetic information, sexual orientation, gender identity, physical or mental disability. We believe in creating a dynamic work environment that values diversity and inclusion and strives to recruit a diverse slate of candidates to help us achieve that goal.

Please read our Privacy Notice for more information on how we process the information you provide.