DevSecOps Engineer

• Should be educated to degree level in Digital Forensics, Information Security, DevOps, or an IT-related discipline.

• Should hold relevant industrial security / DevSecOps / DevOps certifications, or willingness to acquire.

• Provide security services and support for Prudential's business groups. Interact directly with Prudential colleagues globally to perform DevSecOps services. Responsible for implementing, integrating, and testing security scan automation features in CI/CD pipelines.

• Familiar with Jenkins-based CI/CD Pipelines.
• Experience in implementing and testing automation scripts and setups.
• Familiar with integrating security tools and providing vulnerability assessments using tools such as Burp Suite Enterprise, Checkmarx, NowSecure, OWASP ZAP.
• Understanding of OWASP Top 10 and SANS Top 25 vulnerabilities and remediation strategies.
• Working knowledge of using APIs to interact with web services provided by tools.
• Experience in conducting tool evaluations and building proof of concepts.
• Ability to integrate with reporting tools to provide a consolidated view.
• Ability to translate technical standards into practical applications.
• Assist in driving consistency and standardization of DevSecOps services across the enterprise.
• Strong automation and Infrastructure as Code (IaC) skills, especially with Ansible and Python.
• Maintain documentation and user guides.
• Knowledge of security within cloud environments, particularly around networking, security, and administration.
• A motivated and flexible approach to work in an agile environment utilizing tools such as Jira, Jira Align, Miro, Confluence.
• Demonstrate strong performance ethos and commitment to outstanding customer service.
• Ability to interface effectively with both technical and non-technical teams.
• Willingness to train and upskill continuously.
• Excellent communication, time management, and organizational skills.