DevSecOps Engineer

The Technology Department delivers differentiation, scalability, and security for the business. Reporting to the COO, Technology provides digital tools, software services and infrastructure globally to all business groups. Software development and support teams work in agile 'streams' aligned to specific business areas. Our other teams work enterprise-wide to provide critical services including our global service desk, network and system infrastructure, IT operations, security, enterprise architecture and design. IT runs our enterprise-wide services to end users and actively manages the firm's infrastructure and data to provide and accelerate business value. A Data team enables the firm to leverage data to increase productivity and improve business decisions, as well as maintain data compliance. Our Infrastructure group delivers operations and engineering across Infrastructure Operations, Network, Communications, Endpoint and Platform Engineering. As a DevSecOps Engineer you will play a critical role in integrating security into every phase of our software development lifecycle. You will be responsible for designing, implementing, and managing security automation within DevOps processes, ensuring our infrastructure, code, and applications are secure by design. In addition, you might be involved in other engineering tasks related to security. This role requires close collaboration with development, operations and security teams to foster a culture of security without compromising speed and agility. This role requires a deep knowledge of security principles and best practices but one that is continually evolving with the advancement of technology and threats. Staying current with industry trends and continuous learning is essential in this role. Responsibilities: Role specific:

• Implement and manage security testing tools (SAST, DAST, etc.) within CI/CD pipelines to ensure vulnerabilities are detected and addressed early in the development lifecycle.
• Secure our cloud infrastructure (AWS and Azure), including managing identity and access, network security, encryption, and monitoring for threats.
• Automate security tasks such as vulnerability scans, compliance checks, and threat detection using scripting (Python and Powershell) and DevOps tools (Bitbucket Pipelines, GitHub CI/CD etc).
• Ensure security in our infrastructure deployments using IaC tools Terraform and Ansible. Conduct security audits on infrastructure code.
• Secure containerized environments (Docker, Kubernetes) by implementing best practices for image scanning, runtime security, and orchestrator security.
• Monitor for security threats, analyse incidents, and work with the incident response teams to mitigate risks. Ensure robust logging and monitoring practices are in place.
• Work closely with developers and operations teams to promote security best practices without disrupting the DevOps workflow.
• Stay up to date with the latest security threats, vulnerabilities, and tools. Continuously enhance security measures and DevSecOps processes to keep up with the evolving landscape.
• Carry our R&D to discover opportunities for innovation.
• Capture, track and report on usage metrics across the technology estate, to assist in measuring success and decision making.
• Arrange knowledge workshops and training.
• Capture security architecture decisions made along with context and consequences.
• Follow the change approval process on implementation.
• Work weekends or outside normal working hours as necessary to avoid business impact when implementing solutions.
All staff:
• Ensure compliance with the company's regulatory requirements under the FCA.
• Adhere to the operational risk framework for your role ensuring that all regulatory or company determined parameters are complied with.
• Role model for demonstrating highest level standards of integrity and conduct and reflecting Company Values.
• At all times comply with the FCA's Code of Conduct.
• Ensure that you are fully aware of and adhere to internal policies that relate to you, your role or any other activities for which you have any level of responsibility.
• Report any breaches of policy to Compliance and/ or your supervisor as required.
• Escalate risk events immediately.
• Provide input to risk management processes, as required.
  
  Essential:
• Strong understanding of security principles, vulnerability management, encryption, authentication and identity management.
• Ability to work cross-functionally with development, operations, and security teams. Strong communication skills to advocate for security best practices.
• Strong knowledge of DevOps tools like Bitbucket Pipelines, Github Actions, GitLab CI, CircleCI, or similar.
• Experience with cloud platforms, AWS or Azure.
• Expertise in containerization and orchestration tools (Docker, Kubernetes) and their security.
• Proficiency in scripting languages Python or Powershell for automation.
• Experience with IaC tools Terraform and Ansible.
• Familiarity with security tools like SAST, DAST, vulnerability scanners, and SIEM solutions.
Desirable:
• Working in a regulated environment and knowledge of the risk and compliance requirements associated with this.
• Security certifications like Certified Information Systems Security Professional (CISSP), AWS Certified Security Specialty, or similar.
• Experience with security tools such as Snyk, SonarQube, or similar.
• Experience with Splunk.
Competencies:
• A collaborative team player, approachable, self-efficient and influences a positive work environment.
• Demonstrates curiosity.
• Resilient in a challenging, fast-paced environment
• Ability to take a high level of responsibility in a fast paced and high-volume environment.
• Excels at building relationships, networking and influencing others.
• Strategic collaborator with insight and agility, able to anticipate future challenges, ensuring operational effectiveness
If you're forging a career in this area and are looking for your next step, get in touch!

Marex is a diversified global financial services platform, providing essential liquidity, market access and infrastructure services to clients in the energy, commodities and financial markets. The Group provides comprehensive breadth and depth of coverage across four core services: Market Making, Clearing, Hedging and Investment Solutions and Agency and Execution. It has a leading franchise in many major metals, energy and agricultural products, executing around 50 million trades and clearing 205 million contracts in 2022. The Group provides access to the world's major commodity markets, covering a broad range of clients that include some of the largest commodity producers, consumers and traders, banks, hedge funds and asset managers. Marex was established in 2005 but through its subsidiaries can trace its roots in the commodity markets back almost 100 years. Headquartered in London with 36 offices worldwide, the Group has over 1,800 employees across Europe, Asia and America.