About the Role
You'll be joining the Crypto Facilities (trading as Kraken Futures, KF) engineering team to provide software engineering and cloud infrastructure support and advice across the London-based cryptocurrency futures and indices businesses, as well as becoming part of the global (and world-class) Security Operations team.You'll be a member of a 2-3 FTE DevSecOps team, and will be expected to contribute and learn across the full cloud engineering stack. You will be (or will become) a "T-shaped" individual with enormous potential to further your career in the burgeoning DevSecOps domain, with the guidance of industry leaders in Security and DevOps, and alongside a mature team of true polyglots and talented microservices developers.
Responsibilities - This is a dynamic role in a fast-changing business - but for example:
- Building application security processes and pipelines to contribute to the KF Development team's move to true Continuous Delivery and Continuous Improvement;
- Implementing "SAST" and "DAST" systems with the wider Kraken team and/or the Kraken Futures team;
- Implementing secrets management for cloud applications as part of the Kraken Futures DevSecOps team
- Working with the global team on Identity and Access Management projects and integration for Enterprise applications;
- Relating Kraken Futures business processes and requirements to Kraken controls and policies;
- Becoming an active part of the on call and disaster recovery structures within Crypto Facilities;
- Deputizing for the CISO and /or fulfilling DevOps responsibilities for the Development teams to cover absence, and to a certain extent capacity issues.
Requirements - Technical
- Code (or script) in at least one modern application development or utility language;
- Use Source Code Management and Document Management Systems to organize business function tasks and publish relevant material;
- Be a competent Linux user;
- Know how to build, run and deploy secure Docker containers;
- Be aware of how containers and microservices are configured, and can be secured and orchestrated, in particular using Kubernetes;
- Use open source tooling to programmatically test and verify the safety and integrity of bespoke software;
- Analyze data sets and produce reports using basic tools (e.g. SQL, POSIX stream processing tools, spreadsheets, ODBC, Python);
- Understand principles around secure Identity Management and Authentication;
- Understand the implementation of secure messaging systems in the context of privacy awareness, including GPG and encrypted instant messaging;
- Have a good basic comprehension of computer networks, the Internet, and supporting systems such as web servers and proxies;
- Understand DNS, SSL/ TLS, and how traffic on IP networks establishes end-to-end security and trust.
Requirements - Administrative and Security
- Work highly independently, with multiple stakeholders outside of the formal management structure;
- Write good quality policies, procedures and technical documentation;
- Nurture security awareness in the organization, produce material to support this, and relate this to the current threat landscape;
- Be familiar with risks introduced to organization by third parties, and processes to mitigate these;
- Take a risk-based approach to all facets of information security;
- Have a "finger on the pulse" of current challenges and exploits in the ecosystem;
- Be an active participant in a truly world class global security organization.
Qualifications (and supplementary industry expertise)
- A degree from an accredited institution, or equivalent relevant experience alongside a good level of general education;
- Optional: relevant and well-regarded certifications in cloud computing such as CKA (Certified Kubernetes Administrator), AWS Professional or Specialty levels, Google Professional level;
- Optional: advanced security accreditation such as CISSP, OSCP, CASP, Security+.
Apply for the position on our Website: https://jobs.lever.co/kraken/7f823574-10aa-4df3-9495-c19a5255c06c