Design Engineer Professional

Role Responsibilites

Conduct security assessments at the application, container, and infrastructure levels.
•    Implement and manage Kubernetes security practices, including RBAC, network policies, and audit logging.
•    Secure Kafka topics by configuring ACLs, monitoring access patterns, and ensuring data encryption.
•    Implement database security measures for Postgres and Neo4J DB, including encryption, access controls, and auditing.
•    Secure the private cloud environment, ensuring compliance with security best practices and implementing appropriate controls.
•    Integrate security tools into our CI/CD pipeline using Jenkins, Spinnaker, and GitLab CI/CD.
•    Perform image scanning and signing to ensure the security of container images using tools like Trivy, Clair, and Aqua Security.
•    Monitor and log security events using tools such as Prometheus, Grafana, Fluentd, Elasticsearch, and Kibana.
•    Implement runtime security measures and respond to incidents using tools like Falco and Sysdig.
•    Ensure compliance with industry standards and regulations (e.g., GDPR, HIPAA, SOC 2).
•    Manage secrets and encryption for sensitive data using HashiCorp Vault and Kubernetes Secrets.
•    Collaborate with the cloud infrastructure team to enforce security best practices on AWS, Azure, GCP, and the private cloud.
•    Use Infrastructure as Code (IaC) tools like Terraform and CloudFormation to maintain secure infrastructure configurations.
•    Implement and enforce security policies using Open Policy Agent (OPA) and Gatekeeper.
•    
 

Key Tools and Technologies

Kubernetes Security: RBAC, Network Policies, Pod Security Policies (PSP), Kubernetes Audit Logging
•    Kafka Security: ACLs, TLS Encryption, SASL Authentication
•    Database Security: Postgres, Neo4J DB, Encryption, Access Controls, Auditing
•    Private Cloud Security: Secure configuration, Access Controls, Compliance
•    Container Security: containerd, Trivy, Clair, Aqua Security
•    CI/CD Tools: Jenkins, Spinnaker, GitLab CI/CD
•    Monitoring and Logging: Prometheus, Grafana, Fluentd, Elasticsearch, Kibana
•    Runtime Security: Falco, Sysdig
•    Cloud Security: AWS, Azure, GCP, Private Cloud
•    Infrastructure as Code: Terraform, CloudFormation
•    Secrets Management: HashiCorp Vault, Kubernetes Secrets
•    Policy as Code: Open Policy Agent (OPA), Gatekeeper
•    Image Security:
o    Static Application Security Testing (SAST) Tools: SonarQube, Snyk, Fortify
o    Dependency Scanning: Snyk, OWASP Dependency-Check, Whitesource
o    Image Scanning Tools: Trivy, Clair, Aqua Security, Twistlock
o    Image Signing: Docker Content Trust, Notary
•    Vulnerability and Patch Management: Qualys or similar tools
 

Qualification

• Proven experience in security roles, particularly with Kubernetes, Kafka, database security (Postgres, Neo4J DB), and private cloud environments.
• Strong understanding of DevSecOps practices and tools.
• Familiarity with cloud security and infrastructure as code.
• Excellent problem-solving skills and attention to detail.
• Ability to work collaboratively in a fast-paced, dynamic environment.

Our leadership standards

Looking in:
Leading inclusively and Safely
I inspire and build trust through self-awareness, honesty and integrity.
Owning outcomes
I take the right decisions that benefit the broader organisation.

Looking out:
Delivering for the customer
I execute brilliantly on clear priorities that add value to our customers and the wider business.
Commercially savvy
I demonstrate strong commercial focus, bringing an external perspective to decision-making.

Looking to the future:
Growth mindset
I experiment and identify opportunities for growth for both myself and the organisation.
Building for the future
I build diverse future-ready teams where all individuals can be at their best.