DevSecOps Engineer

Management Level

Business Division: GRCLS

Business Function / Department: Group Information Security

Job Title: AWS DevSecOps Engineer

Reporting to (Job Title): Head of Security Engineering and Operations

Date: May 2024

Equiniti is a leading international provider of shareholder, pension, remediation, and credit technology. With over 6000 employees, it supports 37 million people in 120 countries.  

EQ India began its operations in 2014 as a Global India Captive Centre for Equiniti, a leading fintech company specialising in shareholder management. Within a decade, EQ India strengthened its operations and transformed from being a capability centre to a Global Competency Centre, to support EQ's growth story worldwide.

Capitalising on India’s strong reputation as a global talent hub for IT / ITES, EQ India has structured the organisation to be a part of this growth story. Today, EQ India has evolved as an indispensable part of EQ Group providing critical fintech services to the US and UK.

EQ’s vision is to be the leading global share registrar, offering complementary services to its client base and our values set the core foundations to our success. We are TRUSTED to deliver on our commitments, COMMERCIAL in building long term value, COLLABORATIVE in our approach and we IMPROVE by continually enhancing our skills and services. There has never been a better time to join EQ.

Role Summary

DevSecOps Engineers will work with the Head of Security Engineering & Operations to configure, manage and operate security controls within EQ’s AWS environment. The role will also be responsible for security monitoring and incident response as well as promoting and embedding DevSecOps principles to change existing systems and practices for the better.

This position requires deep knowledge and experience with AWS tools, capabilities, and resources, with a deep understanding of cloud-based infrastructure resources, monitoring tools, and advanced security controls.

Core Duties/Responsibilities

You will be required to undertake the following specific activities:

• Configure and manage key AWS Security Controls such as Guard Duty, Security Hub, Inspector, Config, CloudTrail, Shield Advanced, WAF, Macie etc..

• Design and coordinate cohesive responses to security events that involve multiple teams across the organization.

• Ensure security is seamlessly & effectively integrated with the software development life cycle (SDLC), recognising security threats, & configure infrastructure in such a way as to manage & deploy the environment, in a secure & optimised manner.

• Promote and Integrate Security into DevSecOps methodologies.

• Automate security testing & vulnerability scanning within CI/CD pipelines.

• Stay up to date with the latest security threats, vulnerabilities, & industry best practices related to Cloud Security.

Skills, Capabilities and Attributes

The successful candidate will demonstrate the following experience, skills and behaviours:

Skills, Knowledge & Experience

The key skills and experience required for this role can be summarised as follows.

• Significant public cloud (AWS) and hybrid cloud security architecture experience across multiple domains: Cloud, Network, Infrastructure, Application, Data, IAM

• Expert knowledge of configuring and operating key Amazon cloud security technologies, including AWS: IAM, SSO, Organisations, Guard Duty, Security Hub, Inspector, Config, CloudTrail, Shield Advanced, WAF, Macie, Detective, Certificate Manager and Secrets Manager.

• Experience with security incident response and handling within AWS environments, including log analysis and forensics.

• Experience implementing SAST and DAST tooling in deployment pipelines - specifically Checkov, SonarQube and AppScan

• Experience implementing Vulnerability and Compliance Scanning tools in deployment pipelines – specifically Qualys.

• Extensive experience implementing security automation within environments utilising DevSecOps, CI/CD, Infrastructure & Security as Code.

• Implementation of controls aligning to Information Security and Privacy Standards and Frameworks (e.g. ISO 27001, CSA-CCM, NIST800-53, CIS, GDPR etc…)

• Deep knowledge on AWS core components (examples: API Gateway, ECS, EBS, EC2, S3, SNS, Lambda, Security groups, VPC, CFT, Route 53, certificate manager, AWS build pipelines and AWS cloud trail).

• Experience in deploying and managing security controls within containerised environments.

• Strong communication skills and experience of working across multi-discipline teams.

• Ability to work in a fast-paced environment.

• Certifications such as AWS Certified Security Specialist are a plus.

Benefits:

Being a permanent member of the team at EQ you will be rewarded by our company benefits, these are just a few of what is on offer:

• 3 days of additional leaves on & above statutory requirement along with 2 days of voluntary leaves to pursue the CSR initiatives  
• Business related certification expense reimbursement
• Comprehensive Medical Assurance coverage for dependents & Parents
• Cab transport for staff working in UK & US shift
• Accidental & Life cover 3 times of concerned CTC

We are committed to equality of opportunity for all staff and applications from individuals are encouraged regardless of age, disability, sex, gender reassignment, sexual orientation, pregnancy and maternity, race, religion or belief and marriage and civil partnerships. Please note any offer of employment is subject to satisfactory pre-employment screening checks.