DevSecOps Engineer

The Company:

The JD Group is a leading omnichannel retailer of Sports Fashion, Street & Premium Fashion, Outdoors and Gyms with over 90,000 colleagues over 4,500 stores across several retail fascia's in over 36 countries around the world.

We are an equal opportunities employer who embraces and values differences. We recognise the importance of an inclusive workplace culture in which everyone can thrive irrespective of their background or identity.

To be a part of this successful and continuously growing company, you will have the desire to ingrain our strategic goals of being a people first, a digital leader and customer focused organisation which provides operational excellence and is continuous with identifying new areas of growth into our day-to-day.

Job Title: DevSecOps Engineer

Location: Bury

Job Type: Full-Time

Job Description: We are seeking a skilled and motivated DevSecOps Engineer to join our growing Information Security team. The ideal candidate will have a strong background in both development and security operations, with a passion for integrating security practices into the DevOps process. As a DevSecOps Engineer, you will play a critical role in ensuring the security and integrity of our software development lifecycle.

Key Responsibilities:

1. Implement and manage security tools and practices within the CI/CD pipeline.
2. Collaborate with development, operations, and security teams to integrate security measures throughout the software development lifecycle.
3. Conduct security assessments and vulnerability testing to identify and mitigate risks.
4. Develop and maintain automated security testing scripts and tools.
5. Monitor and respond to security incidents and alerts.
6. Ensure compliance with industry standards and regulations.
7. Provide guidance and training to development teams on secure coding practices.
8. Continuously improve security processes and practices.

Skills & Experience:

1. Proven experience as a DevSecOps Engineer or in a similar role.
2. Strong understanding of DevOps principles and practices.
3. Experience with CI/CD tools such as AWS CodeBuild, Jenkins, GitLab, Azure DevOps.
4. Proficiency in scripting languages such as Python, PowerShell.
5. Knowledge of security tools and frameworks (e.g., OWASP, SCA, SAST, DAST).
6. Familiarity with one or more cloud platforms (AWS, Azure, GCP) and containerization technologies (Docker, Kubernetes).
7. Excellent problem-solving skills and attention to detail.
8. Strong communication and collaboration skills.

Preferred Qualifications:

1. Relevant certifications such as Certified DevSecOps Professional (CDP), Certified Information Systems Security Professional (CISSP), or AWS Certified Security Specialty.
2. Experience with infrastructure as code (IaC) tools like Terraform, CloudFormation, Ansible.
3. Knowledge of security frameworks, regulatory requirements and compliance standards (e.g. NIST, PCI DSS, GDPR).