Lead DevSecOps Engineer

Role: Lead DevSecOps Engineer

Location: London (Oxford Circus)

Hybrid: 1-2 days per week in the office

About Monument Technology Limited

In building its core UK banking business, Monument has developed an open, scalable, cloud native and world-leading banking technology platform, the third pillar of the Banks’ strategy, which has allowed it to make significant inroads fast into the asset-rich, time-poor, and under-served mass-affluent market. The platform was designed from the start to be modular, flexible and extendable into other banking products and channels which also makes it easy to power other banks and to travel globally.

Monument has received significant inbound interest from local and legacy players worldwide to licence its technology on a “Software-as-a-Service” (SaaS) basis and has established a Subsidiary business, Monument Technology Limited (“TechCo”) to take advantage of the opportunity and to unlock the value in our platform through licencing and partnerships around the world.

Monument Technology provides everything needed to build and run a bank with an open, configurable, end-to-end, banking platform as a service which uses best-in-class components to empower small and medium-sized banks around the world to thrive in the digital age. Our plug-and-play model eliminates the risk and complexity of legacy software, enabling our clients to rapidly deploy, scale and innovate at a fraction of the cost. From front end mobile apps, through core banking and CRM to the general ledger and a data lake, the platform can be consumed in whole (“bank in a box”) or in part as required.

Our technology stack has gained positive attention from multiple players globally and over the past 12 months we have engaged and continue to engage in meaningful discussions and over the coming months, we will prioritise empowering business in the UK and Neo Banks globally to revitalise their existing technology stacks and to develop innovative new platforms.

Our dynamic integration frame and architecture allows the platform to scale globally with many components adaptable to other geographies.

HOW YOU’LL MAKE AN IMPACT

• Design and enhancements for our AWS architecture, with a hands-on approach to configuring the platform and with a view to extending it across multiple cloud providers
• Working collaboratively with onshore and offshore Technology Scrum teams to champion and drive good DevSecOps and security engineering practices
• Configuration and tuning of AWS and third-party security tools and providing security expertise to support teams; working with third party security product, managed SOC, and penetration testing service providers
• Lead AWS security projects, working across the business to ensure the correct design and delivery of security requirements; provide review and recommendations for AWS related changes, releases, and new functionality
• Ongoing improvement to the security position of our AWS environment, leveraging automated scanning and monitoring tools
• Maintaining a good working knowledge of current and future trends in cloud infrastructure, security, and DevSecOps tooling and practices
• Desirable but not essential – Security engineering for Microsoft 365 including Active Directory, including Conditional Access, Log Analytics, Single Sign On, Wiz, and Microsoft Sentinel and Defender range of security products

WE LOOK FOR PEOPLE WITH

• Hands-on experience working with AWS in multi-account organisations. Expertise in configuring and deploying AWS infrastructure components; use a broad set AWS services including EC2, EKS, S3, EFS, RDS, DynamoDB, ElastiCache, AppFlow, Glue, Athena, Redshift, API Gateway, Lambdas, WAF, CloudFormation and Control Tower; experience with corresponding services from other cloud providers is highly desirable
• Experience using IaC tools, including Terraform and CloudFormation; comfortable writing modules from scratch and have experience of migrating existing resources into code
• Strong Kubernetes configuration and troubleshooting skills is a must; should be able to write Dockerfiles, Kubernetes manifests, and Helm charts
• Must be proficient in scripting in Bash and / or Python; experience with other programming languages, especially Java, is a plus
• Experience of working on a microservice architecture hosted in Kubernetes; should also be familiar with the tooling used to observe / monitor these environments, such as, Prometheus, Grafana, Zipkin, and Jaeger
• Proven experience of managing and securing AWS cloud environments with configuration of key services like AWS WAF, CloudWatch, CloudTrail, Kubernetes, GuardDuty, X-Ray, Control Tower, Security Hub, Shield, Cognito, Secrets Manager, Key Management Service; Experience with corresponding services from other cloud providers is highly desirable
• Experience with DevSecOps tooling to setup CI/CD pipelines including Jenkins , GitHub Actions, ArgoCD, Bitbucket Pipelines, Bitrise, and integrating code quality measurement in these pipelines with Sonar Cloud, Snyk, etc.
• Experience of working in an agile environment working collaboratively with Product Owners and Engineering teams
• Some financial services experience is required – it is essential to have experience in operating a secure, resilient, and performant cloud hosted platform services in a highly regulated environment
• Excellent communication, problem-solving and presentation skills