Technical Consultant – Secure SDLC Engineer

FIL Bengaluru Office

Applications have closed

Fidelity International

Fidelity International offers investment solutions and retirement expertise to institutions, individuals and their advisers around the world.

About the Opportunity

Job Type: Permanent

Application Deadline: 31 May 2024

Job Description

Title: Technical Consultant – Secure SDLC Engineer

Department: Global Cyber and Information Security

Location: Bangalore / Gurgaon

Reports To: Head of Cyber Assurance (TBC)

Level: 5

We’re proud to have been helping our clients build better financial futures for over 50 years. How have we achieved this? By working together - and supporting each other - all over the world. So, join our team and feel like you’re part of something bigger.

Department Description

The Global Cyber & Information Security function is a part of the Global Technology department. The Global Technology Group function provides IT services to the Fidelity International business. These include the development and support of business applications that underpin our revenue, operational, compliance, finance, legal, marketing and customer service functions. The broader organisation incorporates Infrastructure services that the firm relies on to operate on a day-to-day basis including data centre, networks, proximity services, security, voice, incident management and remediation.

Global Cyber & Information Security is made up of the following functions:

  • Application Security (through secure coding practices, penetration testing, and developer training)
  • Centralised Access Management – working to principles of least privilege, access appropriate to role, and Role Based Access Control
  • Infrastructure Security
  • Security Engineering and Architecture
  • Security Application Support
  • Cyber Defence Operations (CDO)
  • Information Security (and the ISO function)
  • Customer Identity & Protection

The Security Application Support (Application Security) team, under the GCIS Cyber Assurance function, conducts security testing of FIL-developed and/or externally procured applications to identify potential threats and vulnerabilities in the code, and ensures robust security measures through a range of assurance functions and processes. The team conducts application security design reviews, threat modelling, secure code reviews, review of open-source components, dynamic testing and penetration testing.

Purpose of your role

Your role as Engineer for the Secure SDLC product team will be to support the Product Owner to design, deliver and run components that integrate security products with Enterprise Delivery tools to assure that applications have been rigorously tested for security compliance before reaching Production. You will work with stakeholders within Technology to deliver standardised, commoditised capabilities with clear usage guidance promoting self-service to ensure the service is managed with high efficiency and low friction.

As part of your role, you will need to build and maintain high-quality engineered components using Fidelity best practice and principles as required by the product team. You will take the guidance of the lead engineer to grow your technical ability to support a sustainable service that continues to meet the needs of the key consumers and stakeholders.

Key Responsibilities

This position requires a strong, flexible, and approachable self-starter with an extremely solid technical programming background and influencing skills, who can lead from the front and support application delivery teams with service consumption and operation. Key responsibilities include:

  • Delivery of secure, automated, self-serviced, innovative & cost-efficient security services reliably and repeatedly for consumption of application delivery teams.
  • Bring modern engineering principles to the delivery of components such as extreme programming methodologies, pair programming, strong requirements definition and test-driven development.
  • Guide consumers to understand how to consume product services and support development communities.
  • Proactive engagement with the Product team, taking pride in and responsibility for the quality and consumability of the Service, ensuring modern ways of working within the team and pushing for continual improvement through ceremonies such as regular retros.
  • Actively coach & support other team members globally through pairing, encouraging an open collaborative working culture within and outside the team.

Experience and Qualifications Required

The ideal candidate will have:

  • A strong development & infrastructure engineering background with hands-on experience of cloud-based technologies across multiple cloud providers.
  • Appreciation of DevSecOps principles including Scripting, Code Repositories, Code Pipelines, IaC, RESTful APIs, TDD
  • Practical experience of software delivery and SDLC best practice. Practical experience in Agile development methods - Scrum, Kanban, SAFe.
  • Excellent knowledge of creating & managing continuous delivery pipelines enabling continuous integration using test driven development with high coverage in a multi-tenant, full stack Production enterprise cloud configuration where rolling intra-day upgrades are BAU, security & audit requirements are met by default.
  • Experience of developing solutions on Cloud platforms, ideally AWS.
  • Excellent communication and collaboration skills. Confident to present to stakeholders at all levels of the organisation.
  • Strong problem-solving skills, able to recommend and make final decisions but also able to guide and empower others to be self-sufficient.
  • Good knowledge of security standards & frameworks (e.g. NIST, CIS CSC)
  • Strong appreciation for service management principles and service excellence.
  • Security certifications like CISSP, GIAC or Cloud certifications like AWS, Azure are desirable.

What sets you apart from the crowd:

  • Passionate technologist, who invests deeply in the success of their team.
  • Understanding of Team Topologies and Fast Flow
  • Keen interest in Security and efficient delivery of Security services.

Feel rewarded

For starters, we’ll offer you a comprehensive benefits package. We’ll value your wellbeing and support your development. And we’ll be as flexible as we can about where and when you work – finding a balance that works for all of us. It’s all part of our commitment to making you feel motivated by the work you do and happy to be part of our team. For more about our work, our approach to dynamic working and how you could build your future here, visit careers.fidelityinternational.com.


Tags: Agile APIs Application security AWS Azure CISSP Cloud Compliance DevSecOps Finance Full stack GIAC Kanban NIST Pentesting Scripting Scrum SDLC TDD Vulnerabilities

Perks/benefits: Flex hours

Region: Asia/Pacific
Country: India