Technical Consultant – Secure SDLC Engineer
FIL Bengaluru Office
Applications have closed
Fidelity International
Fidelity International offers investment solutions and retirement expertise to institutions, individuals and their advisers around the world.
Job Description
Title: Technical Consultant – Secure SDLC Engineer
Department: Global Cyber and Information Security
Location: Bangalore / Gurgaon
Reports To: Head of Cyber Assurance (TBC)
Level: 5
We’re proud to have been helping our clients build better financial futures for over 50 years. How have we achieved this? By working together - and supporting each other - all over the world. So, join our team and feel like you’re part of something bigger.
Department Description
The Global Cyber & Information Security function is a part of the Global Technology department. The Global Technology Group function provides IT services to the Fidelity International business. These include the development and support of business applications that underpin our revenue, operational, compliance, finance, legal, marketing and customer service functions. The broader organisation incorporates Infrastructure services that the firm relies on to operate on a day to day basis including data centre, networks, proximity services, security, voice, incident management and remediation.
Global Cyber & Information Security is made up of the following functions:
- Application Security (through secure coding practices, penetration testing, and developer training)
- Centralised Access Management – working to principles of least privilege, access appropriate to role, and Role Based Access Control
- Infrastructure Security
- Security Engineering and Architecture
- Security Application Support
- Cyber Defence Operations (CDO)
- Information Security (and the ISO function)
- Customer Identity & Protection
The Security Application Support (Application Security) team, under the GCIS Cyber Assurance function, conducts security testing of FIL-developed and/or externally procured applications to identify potential threats and vulnerabilities in the code, and ensures robust security measures through a range of assurance functions and processes. The team conducts application security design reviews, threat modelling, secure code reviews, review of open-source components, dynamic testing and penetration testing.
Purpose of your role
Your role as Engineer for the Secure SDLC product team will be to support the Product Owner to design, deliver and run components that integrate security products with Enterprise Delivery tools to assure that applications have been rigorously tested for security compliance before reaching Production. You will work with stakeholders within Technology to deliver standardised, commoditised capabilities with clear usage guidance promoting self-service to ensure the service is managed with high efficiency and low friction.
As part of your role, you will need to build and maintain high quality engineered components using Fidelity best practice and principles as required by the product team. You will take the guidance of the lead engineer to grow your technical ability to support a sustainable service that continues to meet the needs of the key consumers and stakeholders.
Key Responsibilities
This position requires a strong, flexible, and approachable self-starter with an extremely solid technical programming background and influencing skills, who can lead from the front and support application delivery teams with service consumption and operation. Key responsibilities include:
- Delivery of secure, automated, self-serviced, innovative & cost-efficient security services reliably and repeatedly for consumption of application delivery teams.
- Bring modern engineering principles to the delivery of components such as extreme programming methodologies, pair programming, strong requirements definition and test-driven development.
- Guide consumers to understand how to consume product services and support development communities.
- Proactive engagement with the Product team taking pride in and taking responsibility for the quality and consumability of the Service. Ensuring modern ways of working within the team and pushing for continual improvement through ceremonies such as regular retros.
- Actively coach & support other team members globally through pairing, encouraging an open collaborative working culture within and outside the team.
Experience and Qualifications Required
The ideal candidate will have:
- A strong development & infrastructure engineering background with hands-on experience of cloud-based technologies across multiple cloud providers.
- Appreciation of DevSecOps principles including Scripting, Code Repositories, Code Pipelines, IaC, RESTful APIs, TDD
- Practical experience of software delivery and SDLC best practice. Practical experience in Agile development methods - Scrum, Kanban, SAFe.
- Excellent knowledge of creating & managing continuous delivery pipelines enabling continuous integration using test driven development with high coverage in a multi-tenant, full stack Production enterprise cloud configuration where rolling intra-day upgrades are BAU, security & audit requirements are met by default.
- Experience of developing solutions on Cloud platforms, ideally AWS.
- Excellent communication and collaboration skills. Confident to present to stakeholders at all levels of the organisation.
- Strong problem-solving skills, able to recommend and make final decisions but also able to guide and empower others to be self-sufficient.
- Good knowledge of security standards & frameworks (e.g. NIST, CIS CSC)
- Strong appreciation for service management principles and service excellence.
- Security certifications like CISSP, GIAC or Cloud certifications like AWS, Azure are desirable.
What sets you apart from the crowd:
- Passionate technologist, who invests deeply in the success of their team.
- Understanding of Team Topologies and Fast Flow
- Keen interest in Security and efficient delivery of Security services.
Feel rewarded
For starters, we’ll offer you a comprehensive benefits package. We’ll value your wellbeing and support your development. And we’ll be as flexible as we can about where and when you work – finding a balance that works for all of us. It’s all part of our commitment to making you feel motivated by the work you do and happy to be part of our team. For more about our work, our approach to dynamic working and how you could build your future here, visit careers.fidelityinternational.com.
Tags: Agile APIs Application security AWS Azure CISSP Cloud Compliance DevSecOps Finance Full stack GIAC Kanban NIST Pentesting Scripting Scrum SDLC TDD Vulnerabilities
Perks/benefits: Flex hours