MUFG Investor Services

DevSecOps Engineer

Role

DevSecOps Engineer

Job type

Full-time

Found on Mokaru

3 days ago

Salary

Not disclosed by employer

Job description

We are seeking a proactive and collaborative Application Security Engineer who speaks the language of developers, thrives in the purple team space and is an automation advocate. The successful candidate will work closely with engineering and IT teams to enhance the security of our applications, APIs and infrastructure by implementing preventative controls and identifying risks through security testing.

You Will:

  • Act as a security champion to foster the secure by design approach across the business. 
  • Support the identification and analysis of web application security vulnerabilities across the business to reduce risk. 
  • Oversee daily management of application security platforms to maintain comprehensive coverage, ensure compliance and remediation of findings. 
  • Conduct threat modelling and review application architectures to identify potential risks early in the SDLC. 
  • Implement application security controls and proactive measures to prevent security incidents. 
  • Implement and manage SAST/SCA tooling across our application repositories to identify source code risks. 
  • Scale automated DAST solutions across our applications to maximise testing coverage and provide visibility into runtime security posture. 
  • Provide security guidance and remediation advice to engineers where applicable. 
  • Carry out penetration testing on internally developed applications to identify security defects. 
  • Review and assess the security of third-party vendor applications through configuration and hardening reviews. 
  • Validate remediation of security issues by the development team and 3rd parties. 
  • Coordinate and arrange external penetration testing assessments to independently evaluate the security of our applications. 
  • Build and maintain effective collaboration with development and IT teams.

You Have: 

  • Experienced in application security focusing on red, blue or purple team activities.
  • Experienced in software development or experience contributing to Open-Source projects.  
  • Experienced with DAST tools such as Burp Suite, OWASP ZAP or similar.
  • Experience with SAST/SCA tools such as Snyk, Veracode, Checkmarx or similar. 
  • Proficient in one or more of the following languages - Python, JavaScript, .NET or Java. 
  • Well-versed in analysis of open source and third-party library vulnerabilities. 
  • Well-rounded knowledge of the Software Development Life Cycle (SDLC) and agile methodologies. 
  • Strong understanding of, and experience testing, both REST and GraphQL APIs.
  • Demonstrated experience with development tools including GitLab/GitHub, Datadog, Jira, Docker, and various IDEs. 
  • Previously worked very closely with development and DevOps teams to resolve security issues. 
  • Have performed security-focused code reviews to identify code level issues. 
  • Experience in creating custom security tooling or scripts. 

Preferred 

  • Experience in the financial sector or another heavily audited industry. 
  • Experience with cloud services, particularly AWS services like WAF, Cognito etc. 
  • Experience working with Infrastructure as Code, Kubernetes and Containers. 
  • Experience with auth mechanisms like OpenID Connect, OAuth and identity providers.
  • Experience in creating custom CI/CD pipeline jobs to carry out security related reviews or scans. 

What’s in it for you to join MUFG Investor Services?   

Take a look at our careers site and you’ll find everything you’d expect from a career with the fastest-growing business at one of the world’s largest financial groups. Now take another look. Because it’s how we defy expectations that really defines us. You’ll feel that difference in all kinds of ways.  Our vibrant CULTURE. Connected team. Love of innovation, laser client focus, and next-level LEARNING & DEVELOPMENT.  Oh, and we really walk the talk when it comes to HYBRID WORKING.     

So, why settle for the ordinary?  Apply now for a Brilliantly Different career.   

We thank all candidates for applying; however, only those proceeding to the interview stage will be contacted.

We are an equal opportunity employer.

 
