DevSecOps Engineer

We are looking for a DevSecOps Engineer to drive forward improvements in our security posture.

DevSecOps Engineer

Who are we?

At Seccl, we’re on a mission to rebuild the infrastructure of investments and advice. We provide the technology that allows people to access financial markets – buying and selling investments, and holding them in tax wrappers like ISAs and pensions.

Our software allows ambitious fintechs to quickly get to market with innovative investment or advice products – and helps financial advisers and investment managers to build stronger, more valuable businesses, by operating their own investment platform.

Ultimately, we want to create a world where everybody can access the financial markets, or find the help they need, more easily and affordably than ever.

We recently became part of the Octopus Group – an innovative, £9bn+ group of companies that’s on a mission to breathe new life into energy and financial services, and improve the lives of millions of people.

How can you help?

We have grown our new Cloud Ops and Developer Enablement (CODE) team and are now looking for an enthusiastic and experienced DevSecOps Engineer to drive forward improvements in our security posture by integrating “security by design” into the full software development, release and hosting process.

What will you be doing?

  • Ensuring our product environments are secure.
  • Own the Security Incident Management process together with our DevOps lead and ensure best practice and tooling are in place.
  • Implementing SAST, DAST and SCA testing using tools like StackHawk, Snyk, Codescan, Codacy or Veracode
  • Building security into the entire software lifecycle and championing it with engineering, product and the wider business.
  • Working with CI/CD pipelines and tools to automate and “shift left” security.
  • Cloud and cyber security compliance, gap analysis, threat modelling, vulnerability scanning and remediation
  • AWS cloud design and infrastructure as code based deployment experience – Terraform, Ansible
  • Threat modelling based on industry standard frameworks – OWASP, NIST, CIS

Who are we looking for?

You’ll be someone who…

  • Has a background in cloud security
  • Can demonstrate AWS security knowledge to a level required by the AWS Security Specialty certification
  • Understands tenets of application security, secure code architecture and development practices
  • Has used a major CI tool such as Jenkins, CircleCI, GitLab, TeamCity etc.
  • Has experience using Terraform, Ansible or equivalent IAC/CAC tools
  • Has experience in Devops and Site Reliability Engineering principles– CI/CD pipelines, monitoring and alerting, containers, automation etc.
  • Is collaborative and can see the bigger picture at a systems level as well as the detail
  • Is comfortable is a fast paced, ever changing and improving development environment
  • Relentlessly pursues and supports improvement and enablement in themselves, their team and their systems

In a perfect world, you’ll also be someone who…

  • Has AWS certifications under their belt, including the AWS Security Specialty
  • Has CISSP, CISM, CISA, CCP IA, or similar certifications
  • Has experience around ISO27001 certification
  • Has a working knowledge of Typescript and MongoDB

How do we work?

We’re a team of ambitious, talented, and creative people who are passionate about using technology to improve our financial world.

We have a positive, open environment that promotes fresh ideas, challenge and experimentation, and encourages continual learning. We provide flexible working that focusses on delivery rather than just focusing on hours worked.

We’re based in the historic City of Bath, a stone’s throw from the train station. (Literally. You could hit it from our office.)

And the vital statistics?

  • Competitive salary
  • Flexible working arrangements
  • Exposure to the latest technology and an opportunity to help shape the future direction
  • 27 days holiday and a day off for your birthday
  • Pension & Life Assurance

Like what you see?

Just send your CV to people@seccl.tech and our Head of People, Rebecca, will be in touch.