We're looking for a Senior DevSecOps Engineer to join our DevSecOps team and help us improve security tooling and controls across engineering.
You’ll be working with development teams across all disciplines (frontend, backend, infrastructure) to improve security practices and be an exemplar of secure code across the engineering team.
Requirements
We know how challenging it can be to tick every box.
Here are a few skills that we feel would make you successful in the role, but please do not be put off from applying if you do not have every single one of them:
- Proven experience in building, developing and improving security tooling
- Experience working in a cloud-native environment (AWS, GitHub Actions)
- Good understanding of delivering at scale using CI/CD
- Ability to work with other teams, providing training and guidance to empower developers to improve security in the SDLC
- Strong verbal and written communication skills, including the ability to write documentation with different target audiences (developers, internal runbooks and non-technical)
- Confidence and ability to suggest and drive new security projects and initiatives using requirements from other teams.
- Be an example for good coding and security practices
- Significant commercial experience with back-end development with a good understanding of the SDLC.
- Most importantly, you have a desire to learn, grow, work with an amazing team and deliver solutions
Extra points
- Experience working with application security (appsec) is a plus (auditing, security unit testing)
- Previous experience working at a scale-up FinTech
- Commercial experience with GitHub Actions (including GitHub Advanced Security)
Responsibilities
- Develop or select and integrate new dev-facing security tooling based on business and engineering requirements, then sustain and evolve it as the Smart Platform grows.
- Review and suggest improvements on existing tooling and security processes.
- Empower our engineering teams to take ownership of the security standards and practices of their code by:
  - providing detailed, code-level security guidance to the teams,
  - working with teams to review code for security vulnerabilities and embed/improve security threat modelling into the engineering process,
  - training developers on secure coding practices and sharing industry best practices,
  - overseeing continuous code audits.
- Help evolve development standards and practices
- Review Pull Requests from your team and provide feedback
- Work in a collaborative, agile team environment that is aiming for continuous improvement
- Help mentor and coach more junior members of the team to deliver quality code and tools
Engineering at Smart
At Smart, we build working software that always works - and we do it fast! We’ve managed to thread the needle between speed and reliability, with double digit daily deploys into production and an exceptionally low rate of failure. Smart is disrupting an industry that has been particularly slow to adopt new technology. As a tech company (in culture, tools, and people) that does pensions, we’re uniquely positioned to shake things up!
We have the benefit of having adopted many engineering best practices from day 1. Our approach to code is simple: keep it small, clean, and ensure it has thorough test coverage. We don't ship code just to hit a deadline. Pensions are a long game. We're handling people's retirement income, so the stability, security and accuracy of our platform is everything. But we also recognise that being able to deliver change and innovation at pace is our secret sauce!
Some interesting notes on the way we work:
- We built Smart on a monolith and we are shifting to a modular, Domain Driven approach to scale.
- We operate in 4 different countries at this time and plan to establish Smart in many more.
- We use Cloud Native tools and automation to ensure compliance and security with regulated benchmark tooling (CIS, MITRE)
- We use AWS as our cloud provider, GitHub as our SCM and CI system, and Datadog for monitoring. We use containers to deliver our applications.
- We are migrating from Heroku to EKS for our application platform and from AWS CodePipeline to GitHub Actions for our delivery pipelines.
- We work hard to maintain at least 96% test coverage of our application through collaboration and strong code review practices.
- We ship software continuously, releasing new features to production up to 30 times a day.
- We follow Agile practices and are developing a strengthening DevOps culture.
- We take career progression and personal development seriously, and offer ample opportunities for both.
- We value diversity and inclusion, and it’s reflected in both our team shape and in how we spend our time. Over 80% of our Engineering team volunteered their time to be coaches at the recent Rails Girls London event – a free workshop aimed at making technology more approachable for women.
- We empower our engineers to propose new ideas. For instance, we run regular hackathons, and many of these ideas wind up being implemented and put into production!
About us
Smart is a rapidly growing fintech company transforming the pension industry, helping people around the world have a more financially secure life in retirement. Using our award-winning platform, we build digital products to help people plan for their financial future globally. We’ve gone from a small start-up to a global industry leader with over £2bn in assets under management.
At Smart, we're a diverse team spanning four continents. We’ve grown to a team of almost 1000 talented people, all dedicated to creating the best experience for our customers and an inclusive workplace for our colleagues. We are certified by Great Place To Work. Find out more about our culture on LinkedIn Life and Glassdoor.
Benefits
We offer competitive salaries, great colleagues and excellent benefits, including:
- 25 days holiday per year that increases with length of service.
- Pension scheme using salary sacrifice; Smart will match your contributions up to 5% of your salary
- £500 personal training budget every year to spend on courses or conferences or training materials
- Health insurance with Equipsme, including Dental, Eyecare and EAP
- Enhanced sick leave (three months' pay per year)
- Death in service with Unum (4x base salary)
- Enhanced maternity and paternity (maternity – 6 months fully paid/paternity – 3 weeks fully paid)
- Five-week sabbatical after five years of employment
- Cycle benefits, including cyclescheme, cycle storage, lockers and shower rooms.
Visit our careers page at www.smart.co/careers to find our Recruitment Data Policy.
Please click on the link if you have any questions about how we store your data or to know your rights.