Marex is a diversified global financial services platform, providing essential liquidity, market access, and infrastructure services to clients in the energy, commodities, and financial markets.
The Group provides comprehensive breadth and depth of coverage across four core services: Market Making, Clearing, Hedging and Investment Solutions, and Agency and Execution. It has a leading franchise in many major metals, energy, and agricultural products, executing around 50 million trades and clearing 205 million contracts in 2022. The Group provides access to the world's major commodity markets, covering a broad range of clients that include some of the largest commodity producers, consumers and traders, banks, hedge funds, and asset managers.
Marex was established in 2005 but through its subsidiaries can trace its roots in the commodity markets back almost 100 years. Headquartered in London with 36 offices worldwide, the Group has over 1,800 employees across Europe, Asia, and America.
For more information visit .
As a DevSecOps Engineer, you will play a critical role in integrating security into every phase of our software development lifecycle. You will be responsible for designing, implementing, and managing security automation within DevOps processes, ensuring our infrastructure, code, and applications are secure by design. This role requires close collaboration with development, operations, and security teams to foster a culture of security without compromising speed and agility.
Responsibilities:
- Implement and manage security testing tools (SAST, DAST, etc.) within CI/CD pipelines to ensure vulnerabilities are detected and addressed early in the development lifecycle.
- Secure our cloud infrastructure (AWS and Azure), including managing identity and access, network security, encryption, and monitoring for threats.
- Automate security tasks such as vulnerability scans, compliance checks, and threat detection using scripting (Python and PowerShell) and DevOps tools (Bitbucket Pipelines, GitHub CI/CD, etc.).
- Ensure security in our infrastructure deployments using IaC tools Terraform and Ansible. Conduct security audits on infrastructure code.
- Secure containerized environments (Docker, Kubernetes) by implementing best practices for image scanning, runtime security, and orchestrator security.
- Monitor for security threats, analyze incidents, and work with the incident response teams to mitigate risks. Ensure robust logging and monitoring practices are in place.
- Work closely with developers and operations teams to promote security best practices without disrupting the DevOps workflow.
- Stay up to date with the latest security threats, vulnerabilities, and tools. Continuously enhance security measures and DevSecOps processes to keep up with the evolving landscape.
- Carry out R&D to discover opportunities for innovation.
- Capture, track and report on usage metrics across the technology estate, to assist in measuring success and decision making.
- Arrange knowledge workshops and training.
- Capture security architecture decisions made along with context and consequences.
- Follow the change approval process on implementation.
- Work weekends or outside normal working hours as necessary to avoid business impact when implementing solutions.
Skills and Experience:
Essential:
- Strong understanding of security principles, vulnerability management, encryption, authentication, and identity management.
- Ability to work cross-functionally with development, operations, and security teams. Strong communication skills to advocate for security best practices.
- Strong knowledge of DevOps tools like Bitbucket Pipelines, GitHub Actions, GitLab CI, CircleCI, or similar.
- Experience with cloud platforms, AWS or Azure.
- Expertise in containerization and orchestration tools (Docker, Kubernetes) and their security.
- Proficiency in scripting languages Python or PowerShell for automation.
- Experience with IaC tools Terraform and Ansible.
- Familiarity with security tools like SAST, DAST, vulnerability scanners, and SIEM solutions.
Desirable:
- Working in a regulated environment and knowledge of the risk and compliance requirements associated with this.
- Security certifications like Certified Information Systems Security Professional (CISSP), AWS Certified Security Specialty, or similar.
- Experience with security tools such as Snyk, SonarQube, or similar.
- Experience with Splunk.
Competencies:
- A collaborative team player, approachable, self-efficient, and influences a positive work environment.
- Demonstrates curiosity.
- Resilient in a challenging, fast-paced environment.
- Ability to take a high level of responsibility in a fast-paced and high-volume environment.
- Excels at building relationships, networking, and influencing others.
- Strategic collaborator with insight and agility, able to anticipate future challenges, ensuring operational effectiveness.
If you're forging a career in this area and are looking for your next step, get in touch!
Marex is fully committed to being an inclusive employer and providing an inclusive and accessible recruitment process for all. We will provide reasonable adjustments to remove any disadvantage to you being considered for this role. We value the differences that a diverse workforce brings to the company. We welcome applications from candidates returning to the workforce.