Insignia Financial Helping Australians secure their financial wellbeing.
The opportunity to join our team
We are excited to offer a new opportunity for a DevSecOps Manager to join our Cyber Security team at Insignia Financial. As we grow our cyber security initiatives to protect our valuable information assets and ensure compliance with regulatory requirements, this role will be key in embedding security throughout our development processes, with a major focus on CI/CD and DevSecOps. Building and maintaining security pipelines with tools like Jenkins or GitHub, specifically focusing on hardening web applications.
Key Responsibilities include:
Lead Secure SDLC Governance: Design and enforce a secure SDLC framework, ensuring security practices are embedded across all development phases—whether agile, waterfall, or hybrid. Integrate Security into CI/CD: Collaborate with DevOps to seamlessly embed security checks, automated testing, and real-time monitoring into our CI/CD pipelines. Promote DevSecOps: Be the advocate for DevSecOps, promoting collaboration between dev, ops, and security teams while offering training on secure coding and security-as-code. Verify Security Controls: Ensure that implemented security controls are robust, mitigating real-world cyber threats through rigorous testing, assessments, and audits. Embrace Collaboration: Build strong relationships with cross-functional teams, communicating security risks and solutions to both technical and non-technical stakeholders. Leverage experience with threat modelling frameworks and approaches to implement a threat-driven strategy in establishing SDLC governance and secure coding practices. What you will bring:
Proficient in secure coding practices and leveraging SAST, DAST, and SCA tools like Dependabot, NexusIQ, and Sonarqube to identify and mitigate vulnerabilities in applications, including SQL injection, cross-site scripting, etc. A passion for weaving security into every stage of development, embracing DevSecOps principles, and driving secure practices across teams. Strong interpersonal skills to collaborate effectively with developers, project managers, and cross-functional teams, and the ability to proactively influence stakeholders to achieve better security practices/outcomes. Familiarity with security frameworks and regulations like NIST, ISO 27001, and other industry standards. Bonus points for holding certifications like CISSP, CSSLP, Certified Kubernetes App Developer (CKAD), CKS / CKA and AWS Certified DevOps Engineer. A degree in Computer Science, Information Security, or equivalent experience. If this sounds like your kind of career, you sound like our kind of person. With us, you'll do work that builds your technical know-how and challenges our entire industry to move forward. Along the way, you'll be free to explore new ideas and technology, solve problems in a team, and independently to get great things done.
Applicants will be required to provide evidence of their eligibility to work in Australia, and at a minimum be required to undertake police and basic credit checks as a condition of employment.
#J-18808-Ljbffr