DevOps Security Lead

11087en
  1. Contract
  2. English
  3. Director
  4. Digital & Technology
  5. Zurich
  6. Financial Services
  7. DevOps, Security, OWASP 10, ISO/IEC 27002, ISO/IEC 17788, RBAC, ABAC, AuthN, AuthZ, CI/CD

Our client is one of the leading insurance companies in Switzerland.
On behalf of our client, Swisslinx is currently looking for a DevOps Security Lead.
This is a contracting role until end of the year based in Zurich.

Your mission

- You would be the Lead Engineer within the platform team, leading the “Security and State” Stream
- You will be joining a multi-year Finance Transformation project, greenfield on MS Azure with both cloud-native and legacy components
- Understand all infrastructure as code (IaC) artefacts in Azure DevOps, with specific focus on Kubernetes, Kafka, Zookeeper, NoSQL (e.g. Couchbase)
- Secure the CI/CD process for IaC and Microservice (Spring Boot, Python) deployments
- Design and own the (policies for) our Docker registry
- Implement and maintain company-wide scanning tools such as Aqua, NexusIQ, Qualys etc. in the pipelines
- Implement and ensure Encryption at rest and in transit
- Design, implement and ensure best practices of AuthZ, e.g. via token rotation: both for human and non-human
- Design, implement and maintain secrets management
- Design and implement a security aspect for configuration management
- Work with developers to understand the security context of the apps and their interaction with Apache Kafka; the candidate will design and own the implementation of how Kafka will be secured
- Align with Automation lead on quality controls and continuous testing best practices especially including blue/green and canary
- Design and maintain the availability and stability of all long-living state (e.g. the event store)
- Secure the state against unauthorized access: design and implement lifecycle (non-prod vs prod) for data (incoming as Kafka messages using the event-carried state transfer paradigm)
- Consult with Automation lead on network layouts and negotiate with other network teams on integration/segregation topics
- Support and give guidance on the test driven development practices and the implementation thereof in the pipelines in a DevSecOps style (e.g. Chaos Monkey, auto-pen-test)
- Implement continuous improvements on governance aspects (e.g. Azure Policies)
- Efficiently leverage Azure services for addressing security concerns (i.e. WAF)
- Own the integration with Azure Active Directory and IAM
- Continuously work with the teams to improve all components as the use-cases grow more complex
- Own validity and applicability of libraries and licenses of all vendors (e.g. for Hashicorp Vault)
- Design observability (especially logging) concept and implement reactions to incidents
- Design High Availability and Disaster Recovery Strategies (incl. multi-zone deployments and consistency) in the context of event-sourcing with special focus on securing and protecting the event-store and guaranteeing replayability
- Design and maintain a holistic security concept for VMs, stateful apps, stateless apps, running on K8S or running as container instances
- Design and maintain holistically Monitoring and telemetry
- Design and take ownership of the security incident process
- Train other engineers
- Ensure compliance with the company-wide digital governance framework, audit
- Documentation of all of the above (readme, wiki and JIRA)

Your background

- Public Cloud relevant experience with practical implementation of the security standards: OWASP 10, ISO/IEC 27002, ISO/IEC 17788
- Expert Knowledge in zero trust networking and service meshes
- Expert Knowledge of AuthN concepts and techniques, e.g. RBAC, ABAC
- Expert Knowledge of AuthZ techniques and tools
- Strong and proven Automation experience with CI/CD in the public cloud using industry standards such as maven, gradle
- Expert Knowledge of git
- Knowledge of Kubernetes deployments (e.g. sidecar), container isolation, multi-tenancy and software defined networking
- Knowledge of static code scanning best practices
- Expert knowledge of Continuous Monitoring and usage of Telemetry
- Test driven development: understands semantics of unit tests and end to end integration tests and the imperative for continuous testing
- Worked with CI/CD for integration, migration and deployment: Experience in automated build, test & deploy with an explicit focus on state-management and state-handling
- Strong understanding of networks: especially how Layer 7 design needs to align with Layers 3-6 in the public cloud, Expert Knowledge of multi-cloud firewall design
- Excellent communication in English, written and spoken
- Delegation and (self-)management skills for working in a flat and distributed team
- Encryption tools and techniques
- Strong Experience with "Infrastructure as Code"
- Linux OS (alpine, Ubuntu, SLES) and Unix
- Knowledge of event-driven architecture and micro-services

Frameworks / Tools

- Azure DevOps, Ansible, yaml-pipelines, Helm, build agents, scripting (bash, python)
- Container-based (Docker / Kubernetes) orchestration
- High availability of statefulness using cloud-native techniques
- Can read code written in industry standard polyglot (Java/ Spring/ Python/ JS)
- DB-queries (also NoSQL) e.g. Couchbase, SAP HANA, Postgres
- Cloud managed services (e.g. Blob Storage, databases, Insights, Security Center)
- Build and deployment tools such as Git, Gradle, Maven
- API Gateways, HTTPS, REST/ODATA/GraphQL/etc API-specs
- State-management e.g. Zookeeper, Schema Registry, Event Store
- Aqua, Qualys, DataDog, Grafana, Prometheus, Zeebe, Vault

What’s on offer


- Work for an established Swiss company
- International and multi-cultural working environment

If you think of yourself as a highly motivated, ambitious person, please apply via email: katia@swisslinx.com. For further information, do not hesitate to contact us: +41 (0)58 268 10 40.
