DevSecOps Engineer - Hybrid 1 day a week in London

We're partnering with a leading retail & digital brand to hire an DevSecOps Engineer who'll embed AppSec across modern CI/CD—scaling automation, owning the tooling stack and enabling engineers to ship secure software at pace.

Responsibilities

• Focused on application security initiatives across cloud and on-premises environments, employing a diverse suite of tools including Semgrep for SAST, Snyk for SCA, GHAS for secret scanning, Burp Suite for DAST, and scripting for automation.
• Forge partnerships with external vendors to optimize and seamlessly integrate security tools into our application security workflow, ensuring comprehensive coverage and operational efficiency.
• Drive the seamless integration of application security processes into development pipelines, leveraging Azure DevOps (ADO), GitHub Actions, and similar tools for streamlined automation.
• Actively contribute to the formulation and enforcement of application security policies and procedures, utilizing advanced tool capabilities to mitigate risks effectively.
• Engage with internal stakeholders to foster awareness and understanding of application security measures, emphasizing the pivotal role of tooling and automation in mitigating vulnerabilities

Essential

• A minimum of 3 years of hands-on experience in application security, with a track record of leadership or significant contributions in similar roles.
• Proficiency in Semgrep for SAST, Snyk for SCA, GHAS for secret scanning, Burp Suite for DAST, and automation scripting.
• Understanding of application security principles and best practices.
• Experience integrating and optimizing security tools within development workflows, particularly within Azure DevOps and GitHub Actions environments.
• Strong analytical and problem-solving skills.
• Excellent communication and collaboration abilities.
• Ability to work independently and within teams in a dynamic environment.