DevSecOps Manager to Deriv

Devops Manager
If you want to make an international career then this is your chance. You will be employed by our client Deriv with full relocation package.
Why work at Deriv ?
Deriv Group is one of the largest brokers in the world, with over 1,200 team members and 20 global offices. In a journey spanning more than 22 years, we have designed and implemented proprietary trading products and services, growing our markets to over 2.5 million customers worldwide. Our mission has remained the same throughout: to make trading accessible to anyone, anywhere. Deriv Life and Deriv Careers illustrate our focus on client satisfaction, excellence, innovation, and, most importantly, integrity. Join us to experience the excitement of a fast-paced, collaborative environment where we challenge ourselves to push the boundaries of what's possible in the fintech industry.


Your role An opportunity to lead a growing team empowered to incorporate security into our software development process. In this challenging and rewarding role, you and your team will be responsible for designing and implementing systems to ensure that security and privacy are treated as first class citizens. By working closely with the software development, security, and operations teams, you will help to improve processes, tools, and culture to ensure that security is treated as a shared responsibility. Through your efforts, our continuous integration and continuous delivery (CI/CD) are done securely. As a DevSecOps manager at Deriv, you will have the opportunity to make a real impact on our company's success. You will have the chance to work on cutting-edge technologies and stay up-to-date with the latest DevSecOps best practices. If you are technical, highly skilled and motivated with a passion for building secure, scalable, and reliable systems, apply for this role to take on a new challenge and make a real difference.
Your challenges
● Collaborate with Development and Operations teams to integrate security and privacy into all aspects of the software development lifecycle
● Automate security testing at every opportunity into our continuous integration and delivery pipelines
● Develop, monitor and maintain security configurations for our various products, applications and Cloud infrastructure
● Provide regular guidance and training on secure coding and best practices to various teams
● Shape the future by developing a security strategy and roadmap in line with business needs and priorities with continuous improvement as a priority
● Create security standards for the product development organisation
● Utilise tools and strategies as appropriate to benefit the team and the organisation
● Define test strategies, models and frameworks to ensure the security, privacy, quality and compliance of our products toolsets and environments are met
● Act as the technical authority for DevSecOPS and advisor to other teams
● Respond to and manage security incidents, such as data breaches or cyber-attacks, immediately and effectively
● Collaborate with the wider security team to build a culture of security within the organisation and share ideas, tools, and processes


What you have
● Experience leading a DevSecOPS team of architects and engineers, ideally global
● The ability to operate at a deep hands-on technical level (e.g. having worked as a DevSecOPS engineer or similar previously)
● In-depth knowledge of Public Cloud Security and their core components including EC2, EKS, AWS Networking (Subnetting, Route Tables, SG’s, VPC, VPC Peering, NACLS, VPN), RDS, Storage (S3, EBS), SSO, and Federation
● Confident in discussing all AWS features and aspects, address security concerns surrounding each, and provide preventive solutions for securing each component both individually and as a part of a complex setup
● Demonstrable experience with security incident response procedures, including managing past incidents and creating automated processes to notify teams and gather information about security incidents
● University degree in computer science or a related field
● Strong understanding of software development, security, operations principles and best practices ● Proficiency in one or more programming languages (e.g. NodeJS, Perl, C++)
● Experience with DevOps tools and best practices (e.g. Git, Jenkins, CircleCI, Ansible)
● Knowledge of security and privacy principles including best practices (e.g. authentication, authorization, encryption, GDPR)
● Strong problem-solving skills
● Experience with security standards such as ISO27001, SOC2, PCI-DSS
● Excellent spoken and written English communication skills