Senior DevSecOps Engineer

Geplaatst op 30 September 2022

Role: Senior DevSecOps Engineer
Location: Utrecht
Start: asap!
Period: 12 months
Extension: possible [ 12 months! ]
Salary: competitive
Closing date to apply: open submission

The recruiting process for this vacancy is a ongoing process!

Note:
The client prefers candidates, who are already living in the EU!
 
Profile client:
Rabobank is a cooperative bank with over 8 million customers. Through large and small initiatives, the bank aims to make the world a little bit better. They support local enterprises and larger non-profit organizations and thus contribute to the welfare and prosperity of the community.

Job description:

Senior DevSecOps engineer:

You help protect our systems against cyber threats, by supporting DevOps teams with training, tooling and with security expertise.

You and your job:


RNT DP (Digital Platform) is a domain inside Rabobank's Retail NL Tech branch that delivers a large number of Rabobank's online presence. Rabobank Online, Rabobank Business Banking, the Rabobank mobile app all were made by our DevOps squads.

Inside RNT DP, team Strongbow is a technical support squad. We do not have any deliverables for Rabobank customers, Rabobank's DevOps engineers are our customers! Our team supports many tribes and domains, by offering in-house DevSecOps consulting.

Our services include:
  • Internal security tests of web applications and APIs.
  • Testing, deploying and improving DevSecOps tooling (SAST, DAST, SCA, secrets detection and more).
  • Creating and maintaining automation templates for Azure DevOps CI/CD pipelines.
  • Creating and maintaining testing rules for DevSecOps tooling.
  • Develop and teach in-house trainings, about pen-testing, defensive coding, PKI/certificates, threat modeling and more.
  • Coaching and consulting, when teams need clarifications on security standards.
  • Security maturity assessments, helping DevOps squads improve their way of working.
  • Threat modelling sessions, helping DevOps squads improve the designs and resilience of their software.
Practical examples:
  • Researching improvements for DevSecOps tooling.
  • Maintenance of scripting and rulesets for DevSecOps security scanning software.
  • Teaching classes to groups of 5-10 engineers at a time.
  • Be a sparring partner with our standards board, to create and improve security standards and architecture.
  • Work with Tooling and Automation Support (TAS) to shape the future of DevSecOps tooling for the whole of Rabobank.
  • Be our team's spokesperson towards our Security Champions, to our DevOps engineers and to our Management Team.
  • Handling major security incidents and vulnerabilities, in cooperation with Rabobank's Cyber Defence Center.
Facts and figures:
  • 32-40 hours per week.
  • Work-from-home, with one optional day per week in the office.
  • 5 direct colleagues.
  • 1000+ DevOps engineers as your customers.
Top 3 responsibilities:
  • Collaborate on the definition of new security standards and architecture.
  • Teach in-house classes, multiple times a month, on technical aspects of information security.
  • Provide guidance on handling (major) security vulnerabilities in software and infrastructure
    Together we achieve more than alone
We believe in the power of difference. Bringing together people's differences is what makes us an even better bank. So we are very curious about what you can bring to our team.

You and your talent:


As a senior member of the team, we would like you to provide guidance and stability to both our customers and our own team.

Our team will soon grow with a few juniors and mediors, who will need instruction and who may need mentoring in their personal development.


Requirements:
  • Master/Bachelor degree in Computer Science/ Information Security
  • you can also substitute with established professional certifications like CISSP, OSCP, CySA+ or CASP+.
  • At least one scripting language, like Powershell or Linux shell scripting.
  • Modern hybrid cloud infrastructures, as well as virtualization platforms.
  • DevOps and CI/CD concepts and technology (pref. Azure DevOps).
  • The English language. Dutch is not a requirement, but it'd be great if you speak it too.
We expect to see at least three years of experience in any one of these, plus at least one year of experience in another:
  • Pen-testing of web applications and APIs.
  • Threat modelling and secure design.
  • DevSecOps tooling (SAST, DAST, SCA, etc).
  • PKI, certificates, cryptography and TLS troubleshooting.
  • DevOps, CI/CD pipelines and automation (Ansible etc)
  • One higher programming language, like Python, Java, Kotlin or .Net.
  • Kubernetes, Cloud Foundry, Azure Cloud
Apply:

If you want to apply for this role, we will need the following information from you:
  • Most recent CV, in Word format, max 5 x A4, in the English language
  • Good/Solid motivation, focused on the application!
  • Explanation of the requirements and competences set [red highlighted]!
  • At least 1 recent reference, which can be verified!
  • Availability

 
Reageren op deze vacature?