Support Centre

DevSecOps/Application Security Engineer

23 Apr 2021
Job Description

We are looking for a DevSecOps / Application Security Engineer to work within the Platform Engineering team, making sure we deliver best practice in application security across Dunelm. You will drive excellence across these areas:

  • Cloud infrastructure and CI/CD pipelines: these need to be secure from the ground up. Everything needs to be built in Infrastructure as Code with built-in security checks and a least-privilege model, and you will drive this as best practice.
  • Secure software development: making sure the software we deliver is as secure as possible. This means shifting left: finding and remediating vulnerabilities as early as possible in the SDLC, ideally by implementing a proven security framework. You will work with development teams to go over security findings, see how we can work together to remediate them, and implement solutions in the development process.
  • Working together with our compliance team to get ISO-27001 onboarded as our Information Security Management System.

We are working towards shared accountability for security and need your help implementing this. We embrace failure and work toward gradual improvements, so that the products we build are more secure with every iteration, fail less, recover automatically, and make our day-to-day lives easier.

What we need from you

  • Demonstrable experience in application security with a deep understanding of the concept 'Infrastructure as Code' in AWS
  • Knowledge and understanding of various disciplines such as security engineering, system and network security, authentication and security protocols, and cryptography.
  • On the application security side, you are comfortable using tooling that detects and flags vulnerabilities in our CI/CD pipelines. We have tooling in place that does SAST, dependency management, license management and DAST; it will be up to you to expand and improve this functionality and keep our software as free from vulnerabilities as possible. This also means working with developers to discuss and remediate any issues.
  • Experience with one or more interpreted or compiled languages
  • Ideally, experience implementing proven security or web security testing frameworks into the SDLC of microservices.
  • Make sure we are making inroads against world-leading security benchmarks across all platforms. Furthermore, create security benchmarks that work for us.
  • A solid understanding of, and hands-on experience using, the most common technology used in AWS: EC2, R53, RDS, S3, Lambda, SNS, SQS, API Gateway
  • Knowledge of core security concepts such as web application firewalls, network security (Layer 2, 4 & 7), and application vulnerability management
  • Understands the OWASP Top 10 security risks and how best to mitigate them.

Root cause analysis is critical in troubleshooting issues and ensuring our products within our platform are working for our customers. You must be able to give an example of an issue for which you found the root cause and how you ensured such an issue did not occur in the future.

Furthermore, you need to be able to drive and act as a supportive team member, upskilling the cross-functional team to showcase good practice delivery, turning strategy into action. You must have excellent communication skills, working collaboratively across technical and business teams. You will need a growth mindset, with the ability to identify opportunities for improvement, suggest new ways of working, and spearhead their adoption.

If the opportunity to be part of shaping and transforming Dunelm’s Digital presence excites you, please apply for our immediate attention!