Who are we?
At Seccl, we’re rebuilding the infrastructure of investments and advice.
We provide the vital technology that empowers forward-thinking, entrepreneurial advisers and wealth managers to build the efficient, customer-centric businesses of the future. Powered by Seccl, they can grow more quickly, expand into new and exciting areas and deliver a better experience for their customers.
And we help fintechs to realise their ambitions, by providing plug-and-play access to financial markets. With us at their core, they can build innovative investment or advice solutions on top of our technology quickly and cheaply.
We are part of the Octopus Group – an innovative group of companies that’s on a mission to breathe new life into energy and financial services. We want to change both these industries for the better, to reinvent them the way they should be, improving the lives of millions of people.
How can you help?
We have grown our new Cloud Ops and Developer Enablement (CODE) team and are now looking for an enthusiastic and experience DevSecOps Engineer to drive forward improvements in our security posture by integrating “security by design” into the full software development, release and hosting process.
What will you be doing?
- – Ensuring our product environments are secure.
- – Own the Security Incident Management process together with our DevOps lead and ensure best practice and tooling are in place.
- – Implementing SAST, DAST and SCA testing using tools like StackHawk, Snyk, Codescan, Codacy or Veracode
- – Building security into the entire software lifecycle and championing it with engineering, product and the wider business.
- – Working with CI/CD pipelines and tools to automate and “shift left” security.
- – Cloud and cyber security compliance, gap analysis, threat modelling, vulnerability scanning and remediation
- – AWS cloud design and infrastructure as code based deployment experience – Terraform, Ansible
- – Threat modelling based on industry standard frameworks – OWASP, NIST, CIS
Who are we looking for?
You’ll be someone who
- – Has a background in cloud security
- – Can demonstrate AWS security knowledge to a level required by the AWS Security Specialty certification
- – Understands tenets of application security, secure code architecture and development practices
– Has used a major CI tool such as Jenkins, CircleCI, GitLab, TeamCity etc.
– Has experience using Terraform, Ansible or equivalent IAC/CAC tools
– Has experience in Devops and Site Reliability Engineering principles– CI/CD pipelines,
monitoring and alerting, containers, automation etc.
– Is collaborative and can see the bigger picture at a systems level as well as the detail
– Is comfortable is a fast paced, ever changing and improving development environment
– Relentlessly pursues and supports improvement and enablement in themselves, their
team and their systems
In a perfect world, you’ll also be someone who
- – Has AWS certifications under their belt, including the AWS Security Specialty
- – Has CISSP, CISM, CISA, CCP IA, or similar certifications
- – Has experience around ISO27001 certification
- – Has a working knowledge of Typescript and MongoDB
How do we work?
We’re a team of ambitious, talented, and creative people who are passionate about using
technology to improve our financial world. We have a positive, open environment that promotes fresh ideas, challenge and experimentation, and encourages continual learning. We provide flexible working that
focusses on delivery rather than just focusing on hours worked.
We’re based in the historic City of Bath, a stone’s throw from the train station. (Literally. You could hit it from our office.)
And the vital statistics?
- – Competitive salary
- – Flexible working arrangements
- – Exposure to the latest technology and an opportunity to help shape the future direction
- – 27 days holiday and a day off for your birthday
- – Pension & life assurance