Cybersecurity Lead - DevOps (Melbourne based Role)
Salary £70,000 - £200,000 per annum
Consultant Dugald Locke
Date posted 02 August 2018
Robert Walters United Kingdom
This role is part of the Cybersecurity function of the company, which is responsible for ensuring that my client's customer- and third-party-facing solutions and customer data are effectively secured and protected from internal and external threats and risks. This role assists in ensuring that the client's information security model and systems of record are complied with across the enterprise.
The DevOps Lead would work closely with the Head of Engineering and IST Teams to implement strategies and solutions that allow the client to pass security tests and evaluations, apart from working on projects that involve optimizing the client's underlying infrastructure and improving its performance. With ongoing growth in the company, it is necessary for us to architect servers and applications to deliver the best performance and seamless scalability while maintaining the highest levels of security, which is a big priority for the client. This position requires strategizing and implementing solutions to help achieve this goal. The candidate occupying this role must be able to drive the implementation of the security fixes that are required to reduce risk to our platforms. The DevOps Lead works with engineering on the deployment and operation of our various systems. The lead helps to automate and streamline server operations and processes, building and maintaining tools for deployment, monitoring applications and infrastructure for performance and security, and troubleshooting and permanently resolving any issues that are identified.
Key accountabilities of this role
- Accountable for the Secure Development Lifecycle, embedding secure code tools and processes and evangelizing for its use through training, comms and support.
- Ensures that cloud infrastructure, operating and software systems, and related procedures adhere to organizational expectations of security, availability, and performance
- Develop user stories in support of information security requirements
- Automate security controls on the infrastructure and applications
- Research and recommend innovative and, where possible, automated approaches for system administration tasks
- Identify approaches that leverage our resources and provide economies of scale
- Provide support for production deployments, as needed
- Provide 3rd level / other support for production issues relating to security of the systems and platforms
- Work with the Engineering Teams to design operational controls that keep the business and its customers safe, but enable speedy deployment of change
- Provide proactive advice to colleagues across all teams on the management of digital, cyber, and operational risk across all platforms and digital things
- Provide expertise, guidance and advice related to all cybersecurity issues when long lived teams are mobilizing stories and features
- Expertise in operational risk management (fraud, cyber, privacy, info sec) to support Digital in the development and maintenance of a robust but agile control environment.
- Understand what a great customer experience looks like in the digital context and be passionate about getting this right.
- Responsible for providing advice and oversight to platform teams on securing data in transit and data at rest; guiding them on the best security decisions
- Application security assessments, code reviews, and SDLC consulting
- Collaborate with other Technology groups to implement consistent security safeguards and controls throughout the organization.
- Support and constructively challenge the business, helping mitigate risk and control weakness.
Qualifications, key skills and experience required
- Good technical knowledge of digital platforms and architecture
- Understanding and familiarity with common code review methods and standards
- Experience with code scanning toolsets such as Fortify and Ounce
- Knowledge of OWASP tools and methodologies & SABSA
- Understanding of HTTP and web programming
- Knowledge of common security requirements within ASP.NET applications
- Knowledge of standard SDLC practices
- Cloud technology exposure
- Experience in Identity and Access Management both customer facing and internal
- Knowledge of applicable industry rules (including PCI), and expertise in Information Security best practices, policy development, and implementing Information Security Frameworks
- Strong subject matter experience in application security, vulnerability testing
- Risk management experience with proven ability to effectively apply risk principles to challenging business situations.
- Minimum of 3 years work experience in application security