5 months ago
Home to the iconic massive multiplayer online role-playing game RuneScape and its extended family of adventurous titles, we’re a leading games studio that places our players at the heart of everything we do.
We’ve welcomed over 250 million players to RuneScape’s world of enthralling fantasy and, together with our team of passionate game creators, our community helps to shape how our games evolve.
From casting votes on future game content, to interacting with the studio teams in live streams and in chat, we also join together in person at our celebrated fan convention, RuneFest.
Together with our players, we’re united as one Jagex tribe. Together we’re building deep and engaging multiplayer gaming experiences for players everywhere.
HOW YOU CAN CONTRIBUTE
Working as a Security Devops engineer you will evangelise security engineering best practices across the organisation’s development teams (especially DevOps and Cloud) driving the security of all operations.
You will be able to identify solutions and provide consultative approach to help the development teams as the main SME. Working directly with our development teams you will also lead threat modelling workshops, define and communicate security best practices, and automate security within of the CI/CD pipeline.
This is the perfect opportunity for an experienced SecDevOps engineer to join a growing, dynamic and innovative gaming company.
As part of your role, you will:
Define and support secure continuous delivery approaches including tools and automated process.
Define security requirements within the AWS environment around automation CI/CD, access controls, authorization, authentication, network, automated compliance, alerting and forensics.
Assist with application security testing and code reviews
Performing security reviews, identifying gaps in security architecture and design
Creating security policies and standards
Review and design application security controls
Researching information security standards; conducting system security and vulnerability analyses and risk assessments
Develop secure coding policies, procedures and standards,
Engage with the engineering teams to review and update Software Development Life Cycle (SDLC) to include necessary security checkpoints, code review methodologies, etc.
WHAT WE NEED
Knowledge of Agile methodology
Vulnerability management. Good knowledge on performing vulnerability tests.
Solid understanding of AWS
Technical knowledge of secure engineering principles
Application security assessments (source code and dynamic)
Working knowledge of vulnerability/compliance, patch management, anti-malware, APT, identity and access control management toolsets.
Understanding of application threat modelling and SDLC security practices.
Experience integrating automated security tools into CI/CD pipeline.
Proven working experience within software development industry
Excellent interpersonal and communication
Proven working experience in conducting DevSecOps in an agile work environment.
Proven working experience in at least a programming language (JAVA, Python, Bash,Perl, etc.)
Proven working experience with DevOps container/orchestration tools (ie: Docker, Kubernetes, etc.)
Knowledge of continuous delivery and Application Lifecycle Management tools (Jenkins, Bamboo, JIRA, SVN, Git, Nexus, etc.)
Postgraduate degree within the Information security domain
Certification: Certified Information Systems Security Professional (CISSP)
Certificate of Cloud Security Knowledge (CCSK),
Offensive Security Certified Expert (OSCE),
Offensive Security Certified Professional (OSCP) or equivalent
WHAT WE OFFER
If you join us you can expect a competitive salary and great benefits like fully paid for gym membership, bonus entitlement, private health care, flexible working, cycle repair and fresh fruit delivered to your team every day. We also have GREAT coffee machines, an onsite canteen and pub and an in-studio cinema! Expect regular team events as well as EPIC company-wide parties to celebrate our successes.