Bangalore, Karnataka, India
Information Technology
Other
OSB Group

Overview
1. Core Responsibilities
- Implement, maintain, and optimize DevSecOps processes, tools, and security measures in Azure and multi-Cloud environments to support engineering teams in delivering secure, reliable and efficient products.
- Collaborate with the Cloud Security Architect, SecOps and other teams to define and achieve security objectives for projects and programmes, in alignment with business and functional requirements.
- Integrate security best practices, regulations, policies, standards, and procedures into the development lifecycle, managing business and security risks.
- Develop, test, and deploy security-as-code for various Public Cloud compute services, Container platforms, and CI/CD pipelines, leveraging native services and the technologies provided.
- Ensure compliance with industry-standard controls such as CIS/NIST/GDPR/ISO/CSA CCM, and provide support with their implementation.
- Support architects in making design choices that consider security, scalability, and maintainability within Cloud services and CI/CD pipelines.
- Collaborate with application development teams to integrate SAST, SCA, and DAST tools into product feature pipelines and promote secure coding practices.
- Foster a culture of teamwork, collaboration, and continuous improvement among technical and business teams.
- Support the remediation of security vulnerabilities in applications and infrastructure.
- Research and utilise modern technologies to meet product requirements, compliance, and controls to enhance OSB’s Cloud security posture.
- Integrate Cloud-based Key Management services with various tools and applications.
- Utilize DevSecOps practices to automate security and compliance policies throughout the development lifecycle.
- Continuously monitor and improve OSB's Cloud security posture using Cloud-native tools and guardrails.
- 5+ years in a DevSecOps or Security Engineer role, deploying and maintaining multi-Cloud foundation services (aka Landing zone) and/or container orchestrator platforms.
- Experience working with Azure technologies, including Azure Repos Git repository, Azure Pipelines, Azure Artefact Feeds, Azure Key Vault, Azure Kubernetes Service (AKS), and Azure Container Registry.
- Proficiency in using Gradle, Nx, Docker, JIB, Trufflehog, Trivy, and SonarCloud.
- Ability to create threat models (STRIDE/MITRE ATT&CK) and define application controls/mitigations.
- Ability to quickly learn new platforms, languages, tools, and techniques as needed to meet project requirements.
- Experience with the core foundational security services of Cloud providers (e.g., Azure AD, Defender for Cloud, Azure Sentinel, AppGateway and APIM, Azure Identity Protection, PIM).
- Experience with provisioning security-as-code, leveraging tools such as Terraform, and adopting secure coding practices and guidelines.
- Experience in setting up and managing container security in platforms such as Kubernetes (AKS).
- Experience with Key management tools such as Azure Key Vault and Cloud-native PKI.
- Understanding of scripting languages such as Python and Java.
- Experience in integrating CI/CD pipelines for the underlying Cloud infrastructure platform and/or the landing zone services with Security tools.
- Knowledge of Cloud auditing, logging, and monitoring best practices.
- Excellent documentation and communication skills.
- Ability to proactively triage and prioritize vulnerability remediation.
Knowledge of the following would be highly desirable:
- Identity and Access Management (Azure AD, RBAC, Identity Protection, PIM, SSO).
- Understanding of common workflows, such as Git Workflow in a DevSecOps environment, Azure Repos Git repository, and Azure Pipelines.
- Data (encryption design patterns, Cloud HSM, data governance, access control, private access).
- Next-gen firewalls, Layer 3 – 7 security, edge security, TLS/mTLS, North/South/East/West controls.
- Compute, containers, serverless, virtual machines, run-time security, AKS and Azure Container Registry.
- AppGateway, APIM, OWASP, SAST, SCA, DAST, WAF, Gradle, Nx, Docker, JIB, Trufflehog, Trivy, SonarCloud, Azure Artefact Feeds and Azure Key Vault.
- Solid experience in a DevSecOps and Infrastructure-as-Code route-to-live environment.
The following skills are highly desirable:
- Hands-on experience with at least one programming language, such as Python or Java, following best practice principles around clean code and understanding the principles of secure coding.
- Workload deployment using Azure Pipelines (YAML-based) for production-grade environments using zero-downtime strategies (blue/green, canary, etc.).
- Experience in integrating security testing tools, such as Veracode, Snyk, InsightAppSec, Trivy, Checkov, and SonarCloud.
- Experience with integrating test and compliance tools in the automation pipelines, using technologies like Gradle, Nx, Docker, JIB and Azure Artefact Feeds.
- Experience in adapting, or contributing to, open-source projects such as Istio or Envoy.
- Understanding of Cloud migration approaches (6 R framework) and experience in migrating workloads to public Cloud platforms.
Candidates applying for this role should preferably have the following certifications:
- Azure AZ-500
- Microsoft Certified: DevOps Engineer Expert
- Certified Kubernetes Administrator