DevOps Security Engineer at SEB in Solna

SEB is a leading northern European financial services group, and at the same time, one of the largest IT employers in the Nordics. Banking is changing rapidly, and we are proud of our reputation for being entrepreneurial and innovative in the face of change. Our brilliant techies work hard to future proof SEB’s digital architecture and customer products because it genuinely makes a significant impact for our customers and colleagues. Does that sound like a fit for you?

What you will be doing

As a DevOps Security Engineer and as a key member of the platform engineering team with responsibility to provide CI/CD and DevSecOps Toolchains, you will take the lead for establishing, implementing, and supporting DevOps security best practices in a central platform team. You will support software engineers to adopt AST (Application Security Testing) practices and promote developer-first security by adopting shift-left approach.

Along with the AST practices you will help software engineers to use static code analysis tools to manage technical depth and software composition analysis (SCA) technology, which identifies open-source and third-party components in use in an application, along with their known security vulnerabilities.

You will be a part of a highly skilled team providing high-quality enterprise-level services to our developer community, including source control, asset repositories and static code analysis. Your understanding of the development landscape will play an important part in your daily work.

The team works according to agile principles, with constantly improving and maintaining our platform. We provide highly qualified support to our users, the SEB developer community. Building automations and integrations is the foundation for providing enterprise-level services.

We currently host our services on-premises but are preparing to transition to SaaS and cloud services. SEB has chosen to adopt a SaaS and Cloud first strategy, and our team is one of the key enablers of this. Adopting SaaS and Cloud emphasizes the importance of the Sec part of DevSecOps. Understanding, implementing, and communicating security best practices through mindset and way-of-working is now becoming an important part of our work.

As a DevOps Security Engineer, you will be responsible for:

· Defining and implementing DevOps Security Best Practices

· Provide and promote secure coding practices

· Provide and support the adoption of secure code verification practices

· Provide and support the usage of tools and technologies for source code and pipeline protection

· Train software engineers in secure coding and application security testing practices

· Championing security, evangelize application security

· Active participation in communities of practice

· Support application teams adopting security testing tools

· Staying up to date on latest DevSecOps tools and solutions, by using at least 10% of your working time for education, business intelligence and hands-on exploration.

· Creating training material for our users

Who we are looking for

To succeed in the role, we believe that you have a background as a developer or worked in other roles that require technical skills, and have the following qualities:

· Outgoing & positive team player

· Effective communication skills in English

· Flexible and willing to take ownership

· Able to manage your time & prioritize

· Up for a challenge and ready to suggest innovative ideas.

· A bachelor's degree in computer science or equivalent is required.

· Embracing equality, diversity, and inclusion

· The will and interest to assist others

You should have knowledge in several of these areas

· SAST (Static Application Security Testing)

· DAST (Dynamic Application Security Testing)

· IAST (Interactive Application Security Testing)

· Multiple programming languages and frameworks (.NET, Java, Python etc.), scripts (JavaScript, TypeScript etc.) and corresponding build tools

· CI/CD capabilities, Infrastructure-as-Code and automations

· Git, GitHub Enterprise, GitHub Advanced Security, GitHub Actions

· SonarQube

· JFrog XRay

· Containers, Kubernetes, OpenShift and Mirantis

· Image scanning

· GCP – Google Cloud Platform

· AWS – Amazon Web Servics

· Azure

What we offer

We offer many experiences and benefits to our employees, and there is nuance to every individual’s career experience, but the elements that define the core of our offering are:

· Innovative company in forefront of technology

· Extensive training and learning opportunities

· Attractive compensation and benefits

· Work-life balance

· Friendly and welcoming culture

Learn more about working at SEB http://www.sebgroup.com/career

It is our fundamental belief that inclusion and diversity is crucial for our future success. We strive to have an inclusive, value-driven culture where employees feel valued, respected, and involved irrespective of who they are, what they believe or where they come from.

Ready to join?

Since we select candidates continuously, feel free to send in your application today, but no later than 16th of May 2023.