Overview

My client, a Professional Services company, is looking for an IT Security Salesforce Engineer to join their client (in the Insurance sector) on site in London, with Kent as the likely location. This role requires 2/3 days per week on site.

About the IT Security Salesforce Engineer Role

As a Security Engineer, you’ll provide hands-on technical expertise to guide software development, delivery and continuous improvement with a focus on risk and security. You’ll help evolve our new Digital Platform so that it is secure and compliant with internal and industry regulations. You will analyse new feature code to identify security risks and work with engineers to mitigate them, applying modern security standards such as OWASP CI/CD, DSOMM, SAMM and Cloud Security Posture management systems such as Azure Defender and Prisma Cloud.

What you will be doing

• Analyse new feature code to identify security risks and work with engineers to mitigate these
• Deliver improvements to our DSOMM score, either working with teams or directly taking responsibility for tasks (writing code, configuration, tooling, documentation)
• Work with Information Security teams to ensure Security policies are implemented in the most efficient and flexible manner
• Design, build, operate monitoring and alerting technology for large, complex multi-site B2C and B2B applications
• Design, build, operate and optimise logging technology so that more data can be gathered about sites’ holistic performance and reliability
• Contribute to the definition, adherence to and upholding of coding standards and our software delivery lifecycle to ensure the delivery of secure, quality systems

What you’ll bring

• Engineering expertise in complicated Salesforce environments. Experience with Copado for CI/CD is a plus
• Exposure to Cloud Native software development, including cloud infrastructure and API design (Azure preferred)
• Experience applying modern standards such as OWASP CI/CD, DSOMM, SAMM; experience with Cloud Security Posture management systems such as Azure Defender, Prisma Cloud (preferred)
• Expertise with SAST & SCA systems such as Snyk, Checkmarx (essential) including policy
• Comfortable working with teams to develop Threat Models as part of risk assessment (preferred), including remediation plans
• Experience with DAST systems such as OpenZAP, Qualys DAST (preferred) ideally with HTTP APIs
• Experience with API security models, including OAuth2, Zero Trust concepts (preferred)
• Experience with Azure DevOps and multi-stage pipelines; managing large-scale software estates from an operational perspective (build, release, monitoring, rollbacks, High Availability, etc)
• Strong networking protocol knowledge (TCP/IP, UDP, HTTP/3, AMQP, streaming protocols etc), cloud network design (VPNs, subnets, regions/zones etc), and integration-related technologies (e.g. Auth0, APIM, etc)
• Experience in hands-on building of automated security test suites

Contact

If the above is of interest please message on darius.goodarzi@robertwalters.com or call 0207 509 8040.

Robert Walters Operations Limited is an employment business and employment agency and welcomes applications from all candidates.

About the job

• Contract Type: Permanent
• Focus: Information Security
• Workplace Type: Hybrid
• Experience Level: Senior Management
• Location: Kent
• Industry: Banking
• Salary: £100,000 - £125,000 per annum