IT.Senior DevSecOps Engineer

About Citco

JOB DESCRIPTION

The Citco group of companies (Citco) is a network of independent companies worldwide for over 70 years, all of which are leading providers of asset-servicing solutions to the global alternative investment industry. With $1.8+ trillion in AuA and operations across 36 countries with over 50 office locations.

For decades, industry publications have recognized our leadership in service and innovation. These accolades are a reflection of our drive to push ourselves and our industry forward.

With strategically positioned global offices ,we offer opportunities for graduates and seasoned professionals to work across the world. Careers at Citco can span continents.

For more information about Citco, please visit www.citco.com

About The Team & Business Line

Proprietary software solutions and innovation are at the core of what differentiates Citco in the alternative investment space. Through our network of global development centres, Citco invests heavily in technology development, security, and infrastructure to ensure our clients continue to receive award-winning products that underpin our commitment to service excellence.

As a valuable member of our Security team, you will work closely with internal stakeholders and cross-functional teams to support the organization in implementing a robust security and risk management and control framework globally across all lines of business.

Your Role

We are seeking a highly skilled Senior DevSecOps Engineer to join our dedicated DevSecOps group within the IT Security department. This role involves direct reporting to the DevSecOps Manager while also having direct access to the EVP Head of Security Operations and Threat Intelligence. The position requires close collaboration with enterprise developers and other security professionals to enhance and automate security practices across the organization.

As a Senior DevSecOps Engineer, you will play a critical role in strengthening the security posture of our software development lifecycle (SDLC) by integrating advanced security practices and tools into our CI/CD pipelines. You will ensure that security is embedded throughout the development process, from initial code writing to final deployment.

Key Responsibilities

• Software Bill of Materials (SBOM) Management:
• Drive the automated integration of SBOMs into the development process, ensuring consistent publication across the organization.
• Monitor SBOMs for insecure versions, suspicious components, or changes, and automatically alert responsible parties to any potential security issues.
• Work with the vulnerability management or Threat intelligence teams to query SBOMs for vulnerabilities and manage risk mitigation efforts across third-party software components.
• Secure Software Development Lifecycle (SDLC) Expertise:
• Tool Integration: Maintain, update, and integrate secure coding tools within the CI/CD pipelines to ensure code compliance and security throughout the development lifecycle.
• Knowledge Sharing: Develop and manage a knowledge base for secure coding practices, providing guidance on tool usage, configurations, and security best practices specific to the organization.
• Training and Support: Offer training and support to development and operations teams on secure coding techniques, addressing common pitfalls, and highlighting emerging security threats and trends.
• Language Specialization: Provide expertise in securing code across various programming languages, focusing on identifying and mitigating vulnerabilities.
• IT Security Development Resource:
• Support internal IT Security projects by providing development expertise, especially in collaboration with our SOC and Threat Intelligence groups.
• Conduct code reviews and offer development guidance to ensure security best practices are followed throughout the organization.
• Collaborate across IT Security teams to enhance security measures and respond to evolving threats.
  
  

About You

• Experience:
• Minimum of 7 years in DevOps or DevSecOps, with at least 3 years in a senior role focusing on integrating security within CI/CD pipelines.
• Extensive experience with SBOM management, secure coding practices, and automation in a DevSecOps environment.
• Proven ability to work with AI/ML technologies for security monitoring and anomaly detection.
• Technical Expertise:
• Deep Understanding: Expertise in CI/CD tools and platforms (e.g., Jenkins, GitLab CI, CircleCI) and their seamless integration with security tools to ensure robust and continuous security within the development pipeline.
• Secure Coding: Proficiency in secure coding practices across multiple programming languages (e.g., Java, Python, JavaScript, Shell, C) with an emphasis on preventing vulnerabilities from entering the codebase.
• Application Security: Strong expertise in software composition analysis (SCA), static analysis security testing (SAST), and dynamic analysis security testing (DAST) to identify and remediate vulnerabilities early in the software development lifecycle.
• Cloud Security: Extensive experience with cloud security automation, particularly in AWS and Azure environments, to ensure security policies are consistently enforced across cloud platforms.
• Infrastructure as Code (IaC): Familiarity with tools like Terraform, CloudFormation, or similar, to automate and secure cloud infrastructure deployments.
• Governance: Familiarity with regulatory requirements and frameworks (e.g., ISO 27001, NIST) as they relate to software development and security.
• Certifications:
• Relevant certifications such as Certified DevSecOps Professional (CDP), Certified Information Systems Security Professional (CISSP), or similar are highly desirable.
• Soft Skills:
• Excellent communication skills, with the ability to explain complex security concepts to technical and non-technical stakeholders.
• Strong analytical and problem-solving abilities, particularly in identifying and mitigating security risks within the development process.
• Ability to collaborate effectively across departments, driving security initiatives in a fast-paced, dynamic environment.
• Education:
• A bachelor's degree in computer science, cybersecurity, or a related field is preferred, though equivalent work experience will also be considered.
• A master’s degree or additional certifications in security or DevOps is a plus.
  
  

Our Benefits

Your well being is of paramount importance to us, and central to our success. We provide a range of benefits, training and education support, and flexible working arrangements to help you achieve success in your career while balancing personal needs. Ask us about specific benefits in your location.

We embrace diversity, prioritizing the hiring of people from diverse backgrounds. Our inclusive culture is a source of pride and strength, fostering innovation and mutual respect.

Citco welcomes and encourages applications from people with disabilities. Accommodations are available upon request for candidates taking part in all aspects of the selection.

Responsibilities

Key Responsibilities:

• Software Bill of Materials (SBOM) Management:
• Drive the automated integration of SBOMs into the development process, ensuring consistent publication across the organization.
• Monitor SBOMs for insecure versions, suspicious components, or changes, and automatically alert responsible parties to any potential security issues.
• Work with the vulnerability management or Threat intelligence teams to query SBOMs for vulnerabilities and manage risk mitigation efforts across third-party software components.
• Secure Software Development Lifecycle (SDLC) Expertise:
• Tool Integration: Maintain, update, and integrate secure coding tools within the CI/CD pipelines to ensure code compliance and security throughout the development lifecycle.
• Knowledge Sharing: Develop and manage a knowledge base for secure coding practices, providing guidance on tool usage, configurations, and security best practices specific to the organization.
• Training and Support: Offer training and support to development and operations teams on secure coding techniques, addressing common pitfalls, and highlighting emerging security threats and trends.
• Language Specialization: Provide expertise in securing code across various programming languages, focusing on identifying and mitigating vulnerabilities.
• IT Security Development Resource:
• Support internal IT Security projects by providing development expertise, especially in collaboration with our SOC and Threat Intelligence groups.
• Conduct code reviews and offer development guidance to ensure security best practices are followed throughout the organization.
• Collaborate across IT Security teams to enhance security measures and respond to evolving threats.