DevSecOps Engineer (Fintech)
Мэтч & Сопровод
Для мэтча с этой вакансией нужен Plus
Описание вакансии
TL;DR
DevSecOps Engineer (Fintech): Enhancing the security of applications, APIs, and infrastructure through preventative controls and automated security testing with an accent on purple team activities and SDLC integration. Focus on implementing SAST/SCA/DAST tooling, conducting threat modeling, and collaborating with engineering teams to remediate vulnerabilities.
Location: London, UK
Company
A global leader in asset servicing and operational solutions for alternative investments, operating as a division of the Mitsubishi UFJ Financial Group.
What you will do
- Act as a security champion to foster a secure-by-design approach across the business.
- Implement and manage SAST/SCA and automated DAST solutions to maximize testing coverage.
- Conduct threat modeling and review application architectures to identify risks early in the SDLC.
- Perform penetration testing on internally developed applications and coordinate external assessments.
- Provide security guidance and remediation advice to engineering and IT teams.
- Review and assess the security of third-party vendor applications through configuration and hardening reviews.
Requirements
- Experience in application security focusing on red, blue, or purple team activities.
- Proficiency in Python, JavaScript, .NET, or Java.
- Experience with DAST tools (e.g., Burp Suite, OWASP Zap) and SAST/SCA tools (e.g., Snyk, Veracode).
- Strong understanding of SDLC and agile methodologies.
- Experience testing REST and GraphQL APIs.
- Demonstrated experience with development tools including GitLab/GitHub, Datadog, Jira, and Docker.
Nice to have
- Experience in the financial sector or heavily audited industries.
- Experience with AWS services (WAF, Cognito).
- Knowledge of Infrastructure as Code, Kubernetes, and container security.
- Experience with auth mechanisms like Open ID Connect and OAuth.
Culture & Benefits
- Vibrant culture with a focus on innovation and client success.
- Commitment to continuous learning and professional development.
- Opportunity to work within one of the world's largest financial institutions.
- Collaborative team environment focused on defying industry expectations.
Будьте осторожны: если работодатель просит войти в их систему, используя iCloud/Google, прислать код/пароль, запустить код/ПО, не делайте этого - это мошенники. Обязательно жмите "Пожаловаться" или пишите в поддержку. Подробнее в гайде →