DevOps Security Engineer

Cambridge
Technology – Cyber Security
Full Time
Company Overview:

A leader in creating deep and engaging experiences on PC and mobile, Jagex was founded in 2001 and is today one of the UK’s biggest and most respected video game developers and publishers.

Famed for its flagship MMOs RuneScape and Old School RuneScape, Jagex has welcomed more than 260million player accounts to its world and created a $1bn lifetime franchise revenue. Today the RuneScape franchise exists beyond running games in live operations; our titles are living games that connect and inspire millions of players, with content and experiences both inside and outside of inexhaustible game worlds.

Both RuneScape and Old School RuneScape, on PC and mobile, offer ever-evolving, highly-active worlds and our community-focussed development ethos empowers players to have a real say in how each game is shaped.

Jagex is expanding and extending its portfolio with fresh franchise titles, new IP and, in 2018 launched Jagex Partners, delivering third-party publishing and operational services exclusively for the living games of the future.

Jagex employs more 360 people at its Cambridge headquarters and is on the hunt for talented people to work across the business to help the company to achieve yet another year of record growth and player satisfaction.

Job Overview:

Working as a Security Devops engineer you will evangelise security engineering best practices across the organisation’s development teams (especially DevOps and Cloud) driving the security of all operations.

You will be able to identify solutions and provide consultative approach to help the development teams as the main SME. Working directly with our development teams you will also lead threat modelling workshops, define and communicate security best practices, and automate security within of the CI/CD pipeline.

This is the perfect opportunity for an experienced SecDevOps engineer to join a growing, dynamic and innovative gaming company.

Key Duties

    • Define and support secure continuous delivery approaches including tools and automated process.
    • Define security requirements within the AWS environment around automation CI/CD, access controls, authorization, authentication, network, automated compliance, alerting and forensics.
    • Assist with application security testing and code reviews 
    • Performing security reviews, identifying gaps in security architecture and design
    • Creating security policies and standards
    • Review and design application security controls
    • Researching information security standards; conducting system security and vulnerability analyses and risk assessments
    • Develop secure coding policies, procedures and standards,
    • Engage with the engineering teams to review and update Software Development Life Cycle (SDLC) to include necessary security checkpoints, code review methodologies, etc.

Essential Requirements

    • Knowledge of Agile methodology 
    • Vulnerability management. Good knowledge on performing vulnerability tests.
    • Solid understanding of AWS
    • Technical knowledge of secure engineering principles
    • Application security assessments (source code and dynamic)
    • Working knowledge of vulnerability/compliance, patch management, anti-malware, APT, identity and access control management toolsets.
    • Understanding of application threat modelling and SDLC security practices.
    • Experience integrating automated security tools into CI/CD pipeline.
    • Proven working experience within software development industry
    • Excellent interpersonal and communication 
    • Proven working experience in conducting DevSecOps in an agile work environment.
    • Proven working experience in at least a programming language (JAVA, Python, Bash,Perl, etc.)
    • Proven working experience with DevOps container/orchestration tools (ie: Docker, Kubernetes, etc.)
    • Knowledge of continuous delivery and Application Lifecycle Management tools (Jenkins, Bamboo, JIRA, SVN, Git, Nexus, etc.)

Qualifications

    • Postgraduate degree within the Information security domain
    • Certification: Certified Information Systems Security Professional (CISSP)
    • Certificate of Cloud Security Knowledge (CCSK),
    • Offensive Security Certified Expert (OSCE),
    • Offensive Security Certified Professional (OSCP) or equivalent
Company Benefits:

- Flexible Working
- Bonus Scheme
- Private Health Care
- Gym Membership
- Generous Pension Contributions
- Life Insurance
- Free Cycle Repair
- Income Protection
- Dental Plan
- Free Fruit and Drinks
- Subsidised Canteen

Feel like you fit this role, but don’t meet all the requirements? We strive for fresh perspectives, so as long as you can demonstrate how your attitude and other abilities might make up for any gaps we would welcome your application!
 
Jagex are an equal opportunities employer and positively encourages applications from suitably qualified and eligible candidates regardless of sex, race, disability, age, sexual orientation, gender reassignment, marriage or civil partnership, pregnancy or maternity, religion or belief.