Infrastructure Security TesterConsultant

Our Testers work with project teams to ensure software quality through systematic test planning execution and defect tracking ensuring functionality performance and reliability of applications before deployment. With deep knowledge of various types of applications databases and operating systems they maintain high standards of product excellence and user satisfaction. 

We are looking for an Infrastructure Security Tester/Consultant to join our security testing team and help assess the resilience of cloud-native platforms and modern infrastructure environments.

This role is suitable for experienced security testers as well as infrastructure cloud platform DevOps or SRE engineers who are passionate about security and would like to develop their career in security testing.

You will perform security assessments across cloud platforms Kubernetes containers Infrastructure as Code (IaC) CI/CD pipelines identity and access management secrets management encryption and monitoring controls. Working alongside experienced security professionals you will help identify security risks validate security controls support remediation efforts and contribute to secure infrastructure design practices.

Responsibilities

• Perform infrastructure security assessments across cloud containerized and Kubernetes-based environments.
• Review Infrastructure as Code (Terraform Bicep ARM Helm Kubernetes manifests or similar) to identify security risks and misconfigurations.
• Assess CI/CD pipelines secrets management processes encryption controls logging monitoring and access management practices.
• Validate Kubernetes and container security controls including workload isolation RBAC network policies and runtime security.
• Retest remediated findings and verify the effectiveness of implemented controls.
• Produce clear evidence-based findings risk assessments and remediation recommendations.
• Support engineering and architecture teams with practical guidance on infrastructure hardening and secure-by-design principles.

Qualifications :

• 8 years of experience
• Experience in infrastructure security testing within cloud-native environments.
• Strong understanding of Kubernetes containers cloud security and Infrastructure as Code.
• Experience assessing CI/CD security identity and access management secrets management and encryption controls.
• Familiarity with infrastructure monitoring logging and security telemetry.
• Ability to communicate technical findings clearly to both technical and non-technical stakeholders.
• Experience working collaboratively with engineering DevOps and architecture teams.
  
  Nice to have:
  Experience with any of the following would be useful:
• Container and image scanning tools such as: Trivy Grype Syft Clair Anchore Tenable Snyk Aqua Prisma Cloud Microsoft Defender for Cloud.
• Kubernetes posture and hardening tools such as: kube-bench Kubescape Polaris kube-score Trivy K8s Wiz Aqua Sysdig Secure Microsoft Defender for Cloud.
• IaC security tools such as: Checkov Terrascan tfsec OPA/Conftest Snyk Prisma Cloud Wiz Checkmarx Tenable Cloud Security.
• Service mesh and traffic validation tools such as: Istio Cilium/Hubble tcpdump Wireshark Datadog Dynatrace.
• Cloud posture tools such as: Checkov Prowler Tenable Wiz Prisma Cloud Microsoft Defender for Cloud Lacework.

Additional Information :

Discover some of the global benefits that empower our people to become the best version of themselves:

• Finance: Competitive salary package share plan company performance bonuses value-based recognition awards referral bonus;   
• Career Development: Career coaching global career opportunities non-linear career paths internal development programmes for management and technical leadership;
• Learning Opportunities: Complex projects rotations internal tech communities training certifications coaching online learning platforms subscriptions pass-it-on sessions workshops conferences;
• Work-Life Balance: Hybrid work and flexible working hours employee assistance programme;
• Health: Global internal wellbeing programme access to wellbeing apps;
• Community: Global internal tech communities hobby clubs and interest groups inclusion and diversity programmes events and celebrations.

At Endava were committed to creating an open inclusive and respectful environment where everyone feels safe valued and empowered to be their best. We welcome applications from people of all backgrounds experiences and perspectivesbecause we know that inclusive teams help us deliver smarter more innovative solutions for our customers. Hiring decisions are based on merit skills qualifications and potential. If you need adjustments or support during the recruitment process please let us know.

Remote Work :

No

Employment Type :

Full-time