DevOps Security Engineer (Azure)

Remote

£85,000 - £90,000 per annum

On behalf of a growing financial services organisation, I am seeking an experienced DevOps Security Engineer to join their dynamic team. The successful candidate will play a critical role in ensuring the security, confidentiality, integrity, and availability of our cloud infrastructure and services. This role involves designing, implementing, and maintaining cloud security solutions that comply with industry regulations and best practices, while protecting sensitive financial data.

While the role is predominantly remote based, there may be occasional travel to their London office.

Responsibilities:

• Design and implement secure cloud architectures in multi-cloud environments (eg, AWS, Azure, Google Cloud).
• Develop and enforce security standards, policies, and procedures for cloud environments.
• Evaluate and integrate cloud security technologies, such as CASB, CSPM, CWPP, and others.
• Monitor cloud infrastructure for security breaches and respond to incidents promptly.
• Implement and manage security tools for threat detection, vulnerability management, and encryption.
• Conduct regular security assessments, including penetration testing, vulnerability scanning, and cloud configuration reviews.
• Ensure compliance with industry regulations (eg, PCI-DSS, GDPR, SOX) and internal security policies.
• Perform risk assessments to identify and mitigate potential security threats to cloud environments.
• Collaborate with audit teams to ensure the cloud environment meets all regulatory and security standards.
• Work closely with DevOps, IT, and application development teams to integrate security best practices into the CI/CD pipeline.
• Provide guidance and training on cloud security best practices to internal teams and stakeholders.
• Liaise with external vendors, partners, and regulators to ensure the alignment of cloud security initiatives.
• Develop and maintain incident response plans for cloud environments.
• Lead investigations into security incidents involving cloud infrastructure, coordinating with relevant teams for remediation.
• Perform forensic analysis to identify root causes of security breaches and recommend improvements.
• Stay updated on the latest cloud security trends, threats, and technologies.
• Propose and implement innovative solutions to enhance the security posture of the organization's cloud environments.
• Participate in continuous improvement initiatives related to cloud security processes and technologies.

Experience required:

• 5+ years of experience in cloud security, preferably in the financial services industry.
• Hands-on experience with cloud platforms such as AWS, Azure, and Google Cloud.
• 2+ years proven experience with Terraform or similar IaC language
• 2+ years proven experience in implementing and managing cloud security controls and technologies.
• 2+ years proven Azure security expertise and ability to deploy Azure Policies, blueprints and alike.
• 2+ years Advanced Kubernetes security knowledge and CI/CD security knowledge.
• Experience implementing and managing automated patching solutions for various Azure resource types, including Virtual Machines and Virtual Machine Scale Sets.
• An understanding of kubernetes and how to secure workloads (patching container images and nodes)
• An understanding of how to patch VMs and VMSSs in an automated way and how to handle situations where the automation tool fails to (or is unable to) patch a resource - especially in Azure since Azure has native solutions to perform these task
• Experience with patching Kubernetes nodes using automated solutions.
• Experience and strong understanding of Kubernetes workloads is required (Azure Kubernetes Service preferred).
• Using Microsoft Defender for Containers to detect and remediate security vulnerabilities in container images stored in Azure Container Registry.
• Experience implementing and managing a service mesh in a Kubernetes environment (eg, Istio, Linkerd).
• Experience implementing security solutions using Infrastructure as Code (IaC), preferably with terraform and the AzureRM provider.
• Familiarity with Azure Security Center, Azure Policy, and other Azure-native security services for continuous monitoring and enforcing security standards.
• Ability to work closely with DevOps and security teams to design and maintain secure, compliant cloud infrastructure.
• Relevant certifications such as Certified Cloud Security Professional (CCSP), AWS Certified Security - Specialty, Certified Information Systems Security Professional (CISSP), or equivalent.

Technical Skills:

• In-depth knowledge of cloud security architecture, best practices, and frameworks (eg, NIST, CSA, CIS).
• Experience with security automation, orchestration, and DevSecOps practices.
• Proficiency in Scripting and programming languages (eg, Python, PowerShell, Bash) for security automation.
• Strong understanding of encryption technologies, identity and access management (IAM), and network security in cloud environments.
• Familiarity with compliance frameworks applicable to the financial services industry (eg, PCI-DSS, SOX).