Cloud Application Security (DevSecOps) SME

We're looking for a Cloud Application Security SME to join our delivery team, and help shape and direct our clients' security transformation journeys. We work closely with the public sector, and as such you will be required to undergo SC clearance for this position. Here's some points on what to expect : Working within agreed timelines throughout the evaluate, design and build phases to identify security requirements; define application security solutions; configure and test using DevSecOps tools and platforms.

• Leveraging your core competence and knowledge of industry Application Security standards, frameworks and good practices to support security reviews, enablement, validation or definitions of application security outcomes.
• Identifying : Client needs for application security technology / tools and process adoption. Technical security requirements, both functional and non-functional.
Gaps, issues, assumptions and failings in the client application security landscape. Client needs in terms of outcomes, stakeholder engagement and risk mitigation. Defining : Project testing strategy, test plans, test scenarios and approach. Security environment objectives and targets, including change impact and risk. Cross-team implementation plans. Appropriate metrics and processes to achieve client objectives and targets. Enacting : The setup of application security specific components and processes for development, test, and production environments. Application security and DevSecOps technology implementations and configurations. Robust practices for the protection and security of client systems Oversee, evaluate, and support : Discovery and audits Documentation, validation, assessment, and authorisation GRC Consultants and Service / Solution architects in the securing of products and services.

You're somebody that's obsessive about solving business and client challenges, and take a strong focus on security risk to help tackle client challenges. You have an egineering background and have experience operating at a client advisory level. You use your ability to blend your technical knowledge and consulting ability to craft market-leading solutions to multi-million pound problems. You should be experienced in :
• Designing and building within a public cloud environment (E.g. Azure, GCP, AWS)
• Skilled in programming, with expertise in your language of choice (E.g. Java, Python, TypeScript, Go, Rust).
• Strong understanding of API protocols such as REST, SOAP, gRPC, GraphQL, WebSockets and how to secure them.
• DevSecOps frameworks and methodologies.
• OWASP
• Application and IaC security testing (SAST).
• Integration / operation challenges with security toolsets, for example : Synopsys, Veracode, Checkmarx, Cequence, Akamai, Salt, GitLab, MicroFocus Fortify SCA, WebInspect, App Defender, Sonatype, SonarQube, Qualys and TripWire (IP360), Burp Suite, Synk, Twistlock.
• Knowledge of RDBMS (E.g. MySQL, PostgreSQL, MariaDB, Microsoft SQL Server, and Oracle Database)
• Knowledge of Secure by Design and Zero Trust principles.
  
  We're a business with a global reach that empowers local teams, and we undertake hugely exciting work that is genuinely changing the world.
Our advanced portfolio of consulting, applications, business process, cloud, and infrastructure services will allow you to achieve great things by working with brilliant colleagues, and clients, on exciting projects. Our inclusive work environment prioritises mutual respect, accountability, and continuous learning for all our people. This approach fosters collaboration, well-being, growth, and agility, leading to a more diverse, innovative, and competitive organisation. We are also proud to share that we have a range of Inclusion Networks such as : the Women's Business Network, Cultural and Ethnicity Network, LGBTQ+ & Allies Network, Neurodiversity Network and the Parent Network.