Any UK base
An overview of the role
You will provide security consulting and delivery capability to our customers as a trusted authority, architecting and delivering secure CI/CD pipelines for promotion of applications and infrastructure into hybrid cloud environments, while embedding security tooling and adopting a ‘shift-left’ approach.
DevSecOps consulting and delivery across one or more of the following areas:
• Helping our clients to architect secure CI/CD pipelines.
• Assessing the maturity of security within our clients DevOps processes.
• Embedding static, dynamic, interactive and mobile application security testing tools within application CI/CD pipelines.
• Embedding Software Composition Analysis tools within CI/CD pipelines.
• Embedding container vulnerability scanning tools within CI/CD pipelines.
• Automating the delivery of secure cloud configurations within AWS, Azure or GCP using Infrastructure as Code.
• Embedding tools to scan Infrastructure as Code and test compliance with organizational cloud security policies within infrastructure CI/CD pipelines.
• Definition of guardrails using cloud native technologies such as Azure Management Groups and Azure Policy or AWS Organizations and Service Control Policies.
• Automating secure configurations using tools such as Chef, Puppet and Ansible.
• Delivery of DevSecOps pipelines with security tooling embedded within them using automation servers.
• Definition of security requirements for container management services based on Kubernetes and Docker.
• Definition of security requirements for source code repositories, binary repositories and secrets managers used within CI/CD pipelines.
• Working closely with software engineers and/or platform engineers to embed security thinking into DevOps teams.
• Delivery of security training to software engineers and/or platform engineers.
• Development of secure coding standards.
Why this role?
Capgemini’s Global Cybersecurity Practice (of over 4,000 professionals) delivers projects, consulting and Managed Run services in all areas of IT and OT, from networks to cloud services and everything in between. Our services include high-level consulting, strategy and business case development, architecture design, implementation and managed operations across all market sectors including government and secure sectors.
We offer a comprehensive portfolio of services that maps across IT advisory, design, implementation and ongoing management, to serve as true an end-to-end capability partner entirely aligned to business outcomes.
Within our Cybersecurity practice, Capgemini have a thriving and growing Global DevSecOps community. Not only are we seeking to grow our reputation within Capgemini but also to lead and innovate externally through contributions to relevant industry bodies such as OWASP. It is our ambition to become renowned as a leader in the delivery of DevSecOps. We are determined to grasp the opportunity presented by the cultural change bought about by DevOps and embed security as a true enabler, delivering continuous security improvement at the pace demanded by modern digital business.
You will be comfortable working alone or as part of a team bring to use your experience in one or more of the following:
• Practical hands on experience of embedding security within CI/CD pipelines.
• Confident architecting solutions for one of the major public cloud platforms.
• Experience using application security testing tools and interpreting results.
• Proven ability to develop DevSecOps requirements and lead development and delivery or DevSecOps architectures.
• Experience working as a client-side advisor leading DevSecOps initiatives.
• A thirst for knowledge, a self-starter who is interested in expanding their experience through continual development.
Key Technologies you’ll use (one or more of): AWS / Azure / GCP, GitHub / GitLab, Azure DevOps, Docker / Kubernetes, Jenkins / TeamCity / CircleCI / Bamboo, Chef / Ansible / Puppet, Veracode / CheckMarx / Fortify, OWASP ZAP / Burp Suite, Snyk, Terraform, JFrog Artifactory / JFrog X-Ray.
Capgemini positively encourages applications from suitably qualified and eligible candidates regardless of sex, race, disability, age, sexual orientation, gender identity, religion or belief, marital status, or pregnancy and maternity. We are committed to hiring, developing and retaining the best people to deliver innovative, world-class solutions for our clients. We foster an inclusive culture that enables everyone to achieve their full potential and enjoy a fulfilling career with us. Our comprehensive flexible benefits package and lifestyle policies enable our employees to balance their individual, family and work-life needs.
Capgemini is a global leader in consulting, digital transformation, technology and engineering services. The Group is at the forefront of innovation to address the entire breadth of clients’ opportunities in the evolving world of cloud, digital and platforms. Building on its strong 50-year+ heritage and deep industry-specific expertise, Capgemini enables organisations to realise their business ambitions through an array of services from strategy to operations. Capgemini is driven by the conviction that the business value of technology comes from and through people. Today, it is a multicultural company of 270,000 team members in almost 50 countries. With Altran, the Group reported 2019 combined revenues of €17billion.