About Us
Diamond Light Source is one of the world's most advanced scientific facilities. We're home to the UK's synchrotron light source, a giant microscope producing beams of light 10 billion times brighter than the sun. Probing the structure and composition of matter, our work drives innovation in everything from vaccines to nanotech.
At Diamond we are currently undertaking a major upgrade of the facility, known as Diamond-II. Diamond-II will combine a new machine and new beamlines with a comprehensive series of upgrades to optics, detectors, sample environments, sample delivery capabilities and computing, which will ultimately generate an even more brilliant light source at a higher energy.
About the Role
We now have an opportunity for a Senior DevSecOps Engineer to provide technical leadership for implementing DevSecOps practices in the development of scientific software.
Accountabilities
- Analyse cutting-edge and industry-standard DevSecOps tools and practices in terms of potential use within the software development and deployment processes for Diamond-II. Promote use cases and solutions internally to Scientific Software Controls and Computing (SSCC) teams.
- Subject to the overall Diamond software architecture and strategy, collaborate with SSCC teams to establish policies for integrating security practices into the software development lifecycle.
- Take a hands-on approach in implementing security measures into CI/CD pipelines and workflows, including automated static code analysis, dynamic application security testing, secret scanning and vulnerability scanning.
- Coordinate relevant working groups or forums to identify security requirements, advise on appropriate course of action, and prioritise vulnerability remediation.
- Mentor and guide software engineers on best practices in DevSecOps including OWASP secure coding guidelines, fostering a culture of continuous improvement and security awareness.
- Deliver high-quality reporting and professional advice, presenting findings to the Diamond-II Project and Diamond security team.
- Promote the implementation of DevSecOps to improve the efficiency of the software delivery lifecycle.
About You
You will have a degree in engineering, computing, cyber security or relevant experience. Bring with you an experienced security vision and problem-solving mindset to the software lifecycle.
You will have the following:
- Significant practical experience in implementing security controls integrating with CI/CD pipelines.
- Proven experience with providing secure coding guidance to software engineers.
- Expert knowledge of security standards including OWASP Top 10 application security risks, CIS benchmarks.
- Experience with deploying and using code scanning tools such as SonarCloud, CodeQL, Snyk, OWASP ZAP.
- Understanding of software design principles and patterns.
- Experience of modern programming languages such as Python, Java, or Golang.
Benefits
Diamond offers an exceptional benefits package to support staff in achieving a positive work/life balance. This includes 26 days annual leave plus Christmas closure, public holidays, 2 annual volunteering days and flexible working hours. We also offer an excellent defined benefit pension scheme. Staff also have access to a range of amenities on site including a nursery, cafes, a restaurant and sports and leisure facilities. A relocation allowance may also be available where applicable.
We take an active approach to ensuring equality, diversity and inclusion are at the heart of our activities at Diamond, with a dedicated commitment to ensuring we provide a fulfilling and enjoyable place to work, where all staff feel valued and recognised for their individual contribution.
To Apply
Please use the online application process to apply and tell us why you believe you are suitable for this role.
Diamond is a thriving international organisation, attracting a diverse range of talented individuals from around the world. Our staff currently comprises 44 nationalities and we welcome applications from everyone interested in joining us.
The closing date for applications is 9th February 2025