Role: SC Cleared DevSecOps Lead
Profile
The DevSecOps Lead is someone who is both able to operate and lead engineering teams in secure environments but is also able to influence and lead the transformation of DevSecOps teams working at lower maturities to higher maturity levels. The person will be motivated by continuous improvement in terms of delivery cadence, quality, efficiency as well as having the leadership qualities to motivate teams to deliver and transform. The person will have some experience of packaging the above activities into operational processes and associated marketing and sales information for the purposes of sales and consulting.
Requirements
Responsibilities:
- Leading the definition, implementation and maintenance of operational security mechanisms and processes.
- Leading the definition, implementation and maintenance of DevOps operating models within delivery teams
- Working closely with the security team to ensure they are involved in the delivery process from the earliest stages
- Working closely with the delivery teams to ensure that security principles are observed from the earliest stages.
- Communicating DevSecOps policy and processes to delivery teams, the architecture team and other interested parties
Required skills and experience:
- At least 5 years' experience working on software delivery pipelines
- Experience of working in medium to large scale distributed team environments: Multiple teams, multiple locations and multiple products.
- Experience of defining software delivery pipelines: tooling, processes, team organisation
- Understanding of (and experience in implementing) SAST/DAST
- Familiarity with automated code analysis tools (e.g. SonarQube)
- Experience with vulnerability management and penetration testing tools and processes
- Strong knowledge of (and experience with) AuthN/AuthZ such as OpenAuth and SAML.
- Experience in containerisation (e.g. Docker) and container security
- Extensive experience in various deployment techniques to major cloud platforms. Notably technologies designed to complement the Microsoft Azure stack and the Amazon AWS technologies.
- Experience in designing or implementing the security mechanisms for cloud deployments
- Good stakeholder management skills
- The ability to communicate security concerns to less/non-technical audiences