Role: DevSecOps Engineer
Type: 6-Month Contract – Outside IR35
Location: London, UK – Onsite
Key Skills:
- Primarily focused on platform SDLC, working with Artifactory, implementing pipelines in GitHub, conducting security and vulnerability scanning, and adding attestations to artifacts to ensure thorough testing before deployment to a Kubernetes cluster.
- Implementing security checks across the entire SDLC.
- Performing static code analysis and penetration testing.
Job Description:
We are looking for an experienced DevSecOps Engineer with expertise in Google Cloud Platform (GCP) to join our team. This role is critical in securing our software development processes on GCP. Your skills in GCP, Rego policies, and Terraform will be key in creating a secure and efficient development pipeline.
Responsibilities:
- Develop and enforce Rego policies to maintain security and compliance within our GCP infrastructure and applications.
- Work with development and operations teams to integrate security into the GCP-focused CI/CD pipeline, automating security checks and scans.
- Use your GCP knowledge to design and implement secure microservices and containerized applications following GCP security best practices.
- Implement infrastructure-as-code (IaC) using Terraform to securely and efficiently manage GCP resources.
- Conduct comprehensive security assessments on GCP environments using GCP-specific security tools to identify and mitigate vulnerabilities.
- Perform threat modeling and risk assessments for GCP deployments and design effective security solutions.
- Collaborate with cross-functional teams to respond to GCP-specific security incidents, conduct root cause analysis, and implement corrective actions.
- Stay updated with GCP advancements, industry security trends, and best practices, and share knowledge with team members.
- Promote a culture of security awareness for GCP environments, integrating security considerations throughout the development process.
Requirements:
- Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent experience).
- Proven experience as a DevSecOps Engineer with a strong focus on GCP.
- Expertise in Rego policies and policy-as-code practices, particularly in GCP.
- Deep understanding of GCP services, security controls, and best practices.
- Proficiency in using GCP-specific security tools, vulnerability scanners, and penetration testing tools.
- Extensive experience with infrastructure-as-code (IaC) using Terraform for GCP resource management.
- Familiarity with CI/CD pipelines and automation tools (e.g., Jenkins, GitLab CI/CD) with GCP integrations.
- Strong knowledge of GCP security frameworks, standards, and compliance requirements.
- Solid understanding of container security in GCP and experience securing microservices.
- Excellent communication and collaboration skills, with the ability to work effectively in cross-functional teams.
- Relevant GCP certifications such as Google Professional DevOps Engineer or Google Professional Cloud Security Engineer are highly advantageous.
If you are passionate about using your GCP expertise, Rego policy knowledge, and Terraform skills to enhance our GCP development environment's security, we invite you to join our team and lead our GCP-focused software security efforts.