Lead Application Security Engineer

at  Newday

WE NEED KNOWLEDGE, EXPERIENCE + EXPERTISE IN:

5 years experience in security engineering, cloud security or DevSecOps
Hands-on experience building secure infrastructure using Infrastructure as Code
At least one high-level programming language such as Python, C#, or Java
Strong hands-on experience working with major cloud providers (Azure, AWS or GCP)
Working knowledge of CI/CD such as GitHub Actions, AzureDevOps, Jenkins
And would love you to know or learn:
Threat modelling of cloud infrastructure
Securing and hardening CI/CD pipelines
Pulumi, Terraform, or Bicep
Compliance as Code tooling such as Azure Policy, AWS SCPs
Understanding of PCI-DSS, and other security frameworks

AND WOULD LOVE YOU TO KNOW OR LEARN:

You will work with our internal engineering teams, running workshops and facilitating the implementation of DevSecOps practices.
You will lead the design, build, and integration of security with our infrastructure using IaC tools.
Develop high-quality technical content such as reusable modules, templates, custom workflows, automation tools, reference architectures, and guidelines to create a paved security road for engineering teams.
Identify and solve security challenges and reduce bottlenecks, enabling faster deployments.

As a Cloud Security Engineer, you’ll have the ability to play a major role in securing NewDay’s cloud infrastructure.
By helping to develop our cloud security roadmap and building automation and tooling you’ll enable our engineering teams to securely provision infrastructure, building security guardrails to ensure that security is embedded in infrastructure patterns by design.
The team is tasked with upholding the highest security standards for Cloud development, advancing the adoption of Compliance as Code, and proactively monitoring environments to enhance configurations and builds while identifying potential vulnerabilities or threats.