DevOps Security Engineer

 

Linux Administrator / SRE

 

A fantastic opportunity for an experienced Linux Administrator / SRE Engineer, to be part of a global team supporting DLP (Data Leakage Prevention) at one of the world's largest financial institutions.

 

This role is within a dynamic security agile squad focused on Data Leakage Prevention (DLP); responsibilities include:

• Enterprise Linux Management: Extensive experience managing on-premise Enterprise Linux environments, including server updates, monitoring, and web/mail service configuration. Expertise in configuring secure communication protocols and system services in production environments.
• SMTP and Email Security: In-depth understanding of SMTP configuration and security, including encryption protocols such as TLS for securing email in transit, able to create asymmetric keys and certificates.
• S/MIME Encryption: Configured and deployed S/MIME encryption for secure email communication across Microsoft 365, handling certificate management for organization-wide email signing and encryption. Managed private/public key pairs for secure messaging, including user onboarding and key lifecycle management.
• TLS/HTTPS for Web Security: Proficient in configuring HTTPS with SSL/TLS to ensure encrypted web communications, securing data integrity and privacy in transit. Experience in generating, rotating and managing SSL certificates for web services and ensuring compliance with security best practices.
• Communication Protocols Expertise: Strong understanding of web and communication protocols, including HTTP, HTTPS, and SMTP, with a focus on securing them through proper encryption methods. Capable of managing end-to-end security for both email and web communication platforms.
• Incident and Change Management: Collaborates with Risk Teams to identify data leakage concerns, categorize them, and develop plans to minimize their impact. Understands the implications of changes and effectively communicates and adheres to change management processes.
• Scripting: Python, PowerShell or similar

 

Nice to have:

• Authentication and Security Protocols: Familiar with key authentication protocols for email and web services, including OAuth, SAML, LDAP, and OpenID Connect (OIDC).
• Email Authentication: Knowledgeable in configuring SPF, DKIM, and DMARC to enhance email security and prevent spoofing, ensuring proper domain records are in place.
• Web Authentication: Experience in implementing secure authentication for web applications, including multi-factor authentication (MFA) and single sign-on (SSO), to protect user access.
• Monitoring and Alerting: Proficient in using monitoring tools such as Splunk to aggregate data from applications, create alerts for incidents, and maintain oversight of system health.
• Run-Books and Documentation: Skilled in creating run-books and documentation to facilitate troubleshooting, support procedures, and knowledge transfer across teams.
• CI/CD and Configuration Management: Experience applying updates to services through CI/CD pipelines and automation tools like Ansible, Git, ensuring efficient deployment and management of application configurations.

 

Professional Skills

• Experience working within Agile teams
• Knowledge of IT Service Management (ITIL)
• Self-starter with proven experience in technical & application support of enterprise systems
• The ability to manage task and work autonomously where required
• Ability to quickly learn and understand proprietary technologies in a complex, regulated environment
• Excellent verbal and written communication skills coupled with a collaborative approach.