DevSecOps Consultant

  • Location

    Sunbury-On-Thames, Middlesex

  • Sector:

    Technology

  • Job type:

    Contract

  • Salary:

    £650 - £700 per day

  • Contact:

    Viki Dowthwaite

  • Contact email:

    viki.dowthwaite@xcede.co.uk

  • Job ref:

    HQ00027224_1550077427

  • Published:

    2 months ago

  • Duration:

    9 Months

  • Expiry date:

    2019-04-14

  • Startdate:

    ASAP

  • Consultant:

    #

DevSecOps Consultant

Start: ASAP
End: 31st Dec 2019
Location: Sunbury
Rate: £650PD - £700PD

We are looking for a highly technical DevSecOps Consultant who has strong a Dev background, who can shape and advise on the development of a DevSecOps within a dynamic and rapidly changing truly global organisation.

The successful candidate must have previously built and defined a Dev/Security function.

*Work with senior security leadership to build a DevSecOps function.
*Help to develop the DevSecOps policies/procedures and documentation supporting the defined strategy.
*Advise and support Products, Projects and Programmes in DevSecOps methods and leading practice.
*Define policy for the security of CICD, (such as answering the question, what code can/cannot pass through gates
*Evaluate, recommend and support the implementation of:
oEffective security code scanning solutions;
oSecrets management solution;
oSecure use of open source code;
oIntegration of enterprise identity governance solution;
oSecuring Serverless architecture

Key Skills:

*Strong Dev background, with the ability to communicate with highly technical DevOps engineers.
*DevSecOps thought leader, with the ability to communicate clearly and with authority to senior technical and non- technical leadership member.
*Security Scanning tools (e.g. Blackduck).
*Secret management tools (e.g. AWS secrets management).
*Security Serverless architectures (e.g. Azure Lambda).
*Deep understanding of Cloud Security.
*Demonstratable experience securing APIs, Container Security, Cloud Security.
*Demonstratable experience securing of Salesforce, SAP and other enterprise systems.
*Programming languages (Python, Java etc.).
*Deep knowledge of InfoSec frameworks (e.g ISO27001, NIST, PCI DSS etc).
*DevOps container/orchestration tools (Kubernetes, Docker, Puppet etc).