DevSecOps Engineer

Sydney

 

About the Role

Sandstone Technology is an Australian leading Fintech, providing innovative and cutting edge digital banking, digital lending and customer acquisition solutions to financial institutions across the globe.

We are currently seeking a passionate DevSecOps Engineer to join our Cloud Services team. You will play a pivotal role in ensuring the company’s infrastructure and information assets are secured, utilising IaC and CI practices.

 

Key Responsibilities:

  • Focusing on ‘Detecting’ and ‘Protecting’ (NIST Cyber Framework), and automating security controls
  • Establishing Security Operations Center (SOC) for Sandstone Cloud Services
  • Leading security incident response plays
  • Building and maintaining standard operation procedure (SOP) to mitigate reported security incidents
  • Embedding and championing continuous secure delivery / continuous secure deployment pipelines  
  • Building, maintaining and improving security tools, security incident monitoring, alerting and real-time reporting for security controls
  • Using IaC (Infrastructure as Code) practice for creating and managing security controls and tooling
  • Managing security tools and services supplied by third party vendors
  • Providing quality assurance and compliance verification of AWS services and environments
  • Assessing architectures and designs for security vulnerabilities and suggest and implement proper alternatives

  
The successful candidate will possess the following:

  • 4+ years of experience in software development or IT operations
  • Hands-on experience with AWS Security related services (Security Hub, Guard Duty, Config, WAF etc)
  • Hands-on experience with security tools (Nessus, TM Deep security, SIEM etc)
  • Strong knowledge of Linux/Windows systems, security & networking fundamentals
  • Hands-on experience with Cloud services (AWS preferred) and container technologies (Docker)  
  • Hold or be actively pursuing security-related professional certifications within the GIAC family of certifications or CISSP, CISM or CISA
  • Good understanding of the information security management frameworks (ISO 27001, 27018 and NIST, CIS)
  • Exposure to Infrastructure as Code (Terraform, CloudFormation etc) is advantageous  

 

About Us

At Sandstone, our people are our number one asset and we believe in providing opportunities for our people to develop and grow their careers through our training and development programs, mentoring and on the job coaching. Our employees enjoy a healthy work life balance with a number of social activities planned throughout the year, to relax and celebrate successes!

We offer all employees:

  • Opportunity to work for a company servicing the finance industry in Australia, UK/Europe, and Asia
  • Challenging high-profile projects delivered into complex environments
  • Opportunity to work with a talented, market-leading team
  • Competitive remuneration package
Note: Only shortlisted candidates will be contacted.