SecDevOps Engineer

Purpose of the role

To build and maintain infrastructure platforms and products that support applications and data systems, using hardware, software, networks, and cloud computing platforms as required with the aim of ensuring that the infrastructure is reliable, scalable, and secure.  Ensure the reliability, availability, and scalability of the systems, platforms, and technology through the application of software engineering techniques, automation, and best practices in incident response. 

Accountabilities

• Build Engineering:  Development, delivery, and maintenance of high-quality infrastructure solutions to fulfil business requirements ensuring measurable reliability, performance, availability, and ease of use. Including the identification of the appropriate technologies and solutions to meet business, optimisation, and resourcing requirements.
• Incident Management: Monitoring of IT infrastructure and system performance to measure, identify, address, and resolve any potential issues, vulnerabilities, or outages. Use of data to drive down mean time to resolution.
• Automation:  Development and implementation of automated tasks and processes to improve efficiency and reduce manual intervention, utilising software scripting/coding disciplines.
• Security: Implementation of a secure configuration and measures to protect infrastructure against cyber-attacks, vulnerabilities, and other security threats, including protection of hardware, software, and data from unauthorised access.
• Teamwork:  Cross-functional collaboration with product managers, architects, and other engineers to define IT Infrastructure requirements, devise solutions, and ensure seamless integration and alignment with business objectives via a data driven approach.
• Learning: Stay informed of industry technology trends and innovations, and actively contribute to the organization's technology communities to foster a culture of technical excellence and growth.

Assistant Vice President Expectations

• Consult on complex issues; providing advice to People Leaders to support the resolution of escalated issues.
• Identify ways to mitigate risk and developing new policies/procedures in support of the control and governance agenda.
• Take ownership for managing risk and strengthening controls in relation to the work done.
• Perform work that is closely related to that of other areas, which requires understanding of how areas coordinate and contribute to the achievement of the objectives of the organisation sub-function.
• Collaborate with other areas of work, for business aligned support areas to keep up to speed with business activity and the business strategy.
• Engage in complex analysis of data from multiple sources of information, internal and external sources such as procedures and practises (in other areas, teams, companies, etc).to solve problems creatively and effectively.
• Communicate complex information. 'Complex' information could include sensitive information or information that is difficult to communicate because of its content or its audience.
• Influence or convince stakeholders to achieve outcomes.

All colleagues will be expected to demonstrate the Barclays Values of Respect, Integrity, Service, Excellence and Stewardship – our moral compass, helping us do what we believe is right. They will also be expected to demonstrate the Barclays Mindset – to Empower, Challenge and Drive – the operating manual for how we behave.

Join us as a "SecDevOps Engineer" at Barclays, where you'll spearhead the evolution of our digital landscape, driving innovation and excellence. You'll harness cutting-edge technology to revolutionise our digital offerings, ensuring unapparelled customer experiences.

You may be assessed on the key critical skills relevant for success in role, such as risk and control, change and transformations, business acumen, strategic thinking, and digital technology and as well as job-specific skillsets.

To be successful as a "SecDevOps Engineer", you should have experience with:

Basic/ Essential Qualifications:

• Strong knowledge of CVEs, CWEs and their effect on the application.

• In depth knowledge of various AppSec technologies such as SAST, DAST, SCA, IAST RASP etc.

• Some development skills and hands on experience of one or more programming languages and framework.

Desirable skillsets/ good to have:

• Ability to demonstrate knowledge and enthusiasm for low-level technical topics including native development (any platform)

• Experience of languages inherent to modern, mobile development: Java+JNI, Objective C, Swift etc

• Familiarity with process of reverse engineering and associated low-level technologies such as assembly and tools

• Familiarity with concept of mobile code hardening i.e. controls and techniques for the goals of anti-tempering, obfuscation and environment monitoring

• Ability to reproduce vulnerabilities in lab environment.

This role will be based out of Pune.