DevOps Security Engineer- R&D Tech

工作内容

GSK is one of the world’s foremost pharmaceutical and healthcare companies, and we are proud to be part of an industry that improves the lives of others. We are embarking on a significant transformation journey that will support GSK in becoming a top-quartile data-enabled organisation.

Now is an exciting time to join R&D Tech organization and drive a change in the way we use technology and how we ensure the security of our data assets and patients. The Lead DevSecOps Security Engineer will play significant role hands on capability build for both on-prem and cloud based security across Product Teams within R&D, they will be responsible for enabling, advising, coaching and technical implementation of our DevSecOps stack. The Lead DevSecOps Security Engineer has accountability across Product Teams for implementation & continuous improvement of R&D Tech systems so they align with Agile and DevSecOps Principles. They must demonstrate a wide range of engineering competencies across Security, Software Development, Testing, Infrastructure Deployment & Monitoring (Both On-Prem & Cloud), Data Science/Analytics and Lifecycle Management.

This role will provide YOU the opportunity to lead key activities to progress YOUR career. These responsibilities include some of the following.

• Evangelize Cybersecurity Standards, Processes and Assets to protect GSK Data and Assets

• Ensure that Security Standards, Processes and Re-usable assets are being adopted by Product Team. Covering both Cloud, On-Prem, SaaS, PaaS and IaaS.
• Initiate Security and Maturity Assessments on both Product Teams and Individual Products.
• Provide clear guidance to Product Teams and self-service collateral so that Product Teams have a concise resource to pull from when adopting DevSecOps.

• Enable transformation through re-usable components

• Create self-service re-usable components and cloud infrastructure so that Product Teams can easily implement DevSecOps tooling into their software development life-cycle.
• Ensure that teams are provided with capability that covers both Active and Passive Security Techniques, covering Identify Management, Session Management, Data Security, Configuration and Deployment Management etc.
• Collaborate across the organization so that all components and provided meet industry standards and regulatory requirements, automatically generating the documentation in a compliant and seamless manner.
• Demonstrate Technical Excellence within Cybersecurity
• Participating in PI Planning Events and Technical Assessments to ensure your knowledge and experience is distributed across the organization and other engineers are upskilled.
• Build strong trusted, working relationships with TSR to help them work together as a high performing organization.

• Enable visibility and stakeholder collaboration by building and sharing partnerships across the organization.

• Create visualization and dashboarding so that the maturity and security position of Product Teams is visible and clear across all levels of a Products hierarchy. (Individual Product, Product Family, Solution Group, Business Unit)
• Deploy, Maintain and Support Log Aggregation, Vulnerability and Threat Detection Solutions with associated visualizationsso that real-time identification of issues can be performed.

• Enable visibility and stakeholder collaboration by building and sharing partnerships across the organization.

• Create visualization and dashboarding so that the maturity and security position of Product Teams is visible and clear across all levels of a Products hierarchy. (Individual Product, Product Family, Solution Group, Business Unit)
• Deploy, Maintain and Support Log Aggregation, Vulnerability and Threat Detection Solutions with associated visualizationsso that real-time identification of issues can be performed.

We are looking for a Engineer, R&D Tech DevOps and if you have these skills, we would like to speak to you.

• Experience of at least one cloud platform (Azure, GCP, AWS etc).
• Experience of at CI-CD Pipeline implementation and at least one tool (Azure Pipelines, Jenkins, TeamCity etc)
• Experience in at least one scripting language (Bash, Python, Ruby etc)
• Experience containerization and Kubernetes
• Experience of automating and templating security processes and documentation for compliance purposes.
• Min of 3 years experience hands on experience covering the likes of vulnerability assessments, data privacy, identify access management etc
• Experience of at least 2 active and passive security tooling (OWASP ZAP, Veracode, Checkmarx, Fiddler etc)
• Experience of at least one Infrastructure as Code solution (Terraform, SCALR, Ansible, Chef etc).

Why GSK?

Our values and expectations are at the heart of everything we do and form an important part of our culture. These include Patient focus, Transparency, Respect, Integrity along with Courage, Accountability, Development, and Teamwork. As GSK focuses on our values and expectations and a culture of innovation, performance and trust, the successful candidate will demonstrate the following capabilities.

Job Type: Full-time

Salary: From ₹1,800,000.00 per year

Schedule:

• Day shift
• Monday to Friday

Experience:

• total work: 6 years (Preferred)
• DevOps: 5 years (Preferred)
• Security: 3 years (Preferred)

Work Remotely:

• Temporarily due to COVID-19