DevSecOps Tech Lead

Are you someone who has a passion for modern, shift-left security automation? Are you looking to play a founding role in a new team that’s going to have a big impact at a rapidly growing-scale up?

We're looking for a DevSecOps Tech Lead to join our engineering team, and help us launch and run our new security toolchain.

Requirements

• Demonstrable experience leading the design, development and operation of security tooling integrated into the software delivery lifecycle. Ranging from tactical to strategic, small to large, this may include pre-commit hooks and other local development tools, pre-build assessment like static and policy analysis, post-build tooling like dynamic analysis or artefact scanning.
• Infrastructure and application post-deployment security experience is also a plus, particularly within pre-production environments.
• Deep understanding of how developers deliver at scale using CI/CD
• Most importantly, you have a desire to learn, grow, work with an amazing team and deliver solutions
• An understanding that security is a team sport and a willingness to lead on the field and foster collaboration between the many teams involved in the SDLC of smart’s deployments.
• Strong communication skills and demonstrable background in getting things done

Extra points

• Significant commercial experience with front-end, back-end, or infrastructure development.
• Enjoy helping your team improve and become better Engineers and humans
• Previous experience working at a scale-up FinTech
• Previous experience in leading a team is useful

Responsibilities

• Develop or select and integrate new dev-facing security tooling based on business and engineering requirements, then sustain and evolve it as the Smart Platform grows.
• Empower our Engineering teams to take ownership of the security standards and practices of their code by:
  • Providing detailed, code level, security guidance to the teams
  • Working with teams to code review code for security vulnerabilities and embed/improve security threat modelling into the engineering process
  • Train developers on secure coding practices and share industry best practices
  • Oversee continuous code audits
• Lead a small agile engineering team as part of a wider Engineering organisation
• Directly engaged in projects and work alongside product owners, principal engineers and architects
• Help evolve development standards and practices
• Take architectural ownership of various critical components and systems
• Review Pull Requests from your team and provide feedback
• Work in a collaborative, agile team environment that is continuous improvement
• Help mentor and coach members of the team to deliver quality code and tools
• Overall responsible for the technical quality of what the team is producing!

Engineering at Smart

At Smart, we build working software that always works - and we do it fast! We’ve managed to thread the needle between speed and reliability, with double digit daily deploys into production and an exceptionally low rate of failure. Smart is disrupting an industry that has been particularly slow to adopt new technology. As a tech company (in culture, tools, and people) that does pensions, we’re uniquely positioned to shake things up!We have the benefit of having adopted many engineering best practices from day 1. Our approach to code is simple: keep it small, clean, and ensure it has thorough test coverage. We don't ship code just to hit a deadline. Pensions are a long game. We're handling peoples retirement income, so the stability, security and accuracy of our platform is everything. But we also recognise that being able to deliver change and innovation at pace are our secret sauce! Some interesting notes on the way we work:

• We built Smart on a monolith and we are shifting to a modular, Domain Driven approach to scale.
• We operate in 4 different countries at this time and plan to establish Smart in many more.
• We use AWS as our cloud provider, Github as our SCM and CI system, Datadog for monitoring. We use containers to deliver our applications.
• We are migrating from Heroku to EKS for our application platform and from AWS Codepipeline to Github Actions for our delivery pipelines.
• We work hard to maintain at least 96% test coverage of our application through collaboration and strong code review practices.
• We ship software continuously, releasing new features to production up to 30 times a day.
• We follow Agile practices and are developing a strengthening DevOps culture.
• We take career progression and personal development seriously, and offer ample opportunities for both.
• We value in diversity and inclusion, and it’s reflected in both our team shape and in how we spend our time. Over 80% of our Engineering team recently volunteered their time to be coaches at the recent Rails Girls London event – a free workshop aimed at making technology more approachable for women.
• We empower our engineers to propose new ideas. For instance, we run regular hackathons, and many of these ideas wind up being implemented and put into production!

About us

We're a diverse team at Smart, made up of people with backgrounds, experiences and skills. Our goal is to build great products to help people plan for their financial futures. We’re constantly developing new ideas to help people look after their pension schemes around the world. We’ve grown to a team of over 500 talented people, all dedicated to creating the best experience for our customers. If you think you can help us build a smarter future, come and work with us.

Smart Pension is committed to crafting an inclusive work environment with a diverse workforce. You will receive consideration for employment without regard to race, religion, gender, sexual orientation, national origin, disability or age.

Our Recruitment Data Policy is here. Please click on the link if you have any questions about how we store your data or to know your rights.

Benefits

• £500 personal training budget to spend on books, courses, conferences or training materials to help you develop.
• Health Insurance (via EquipsMe) including Dental, Eyecare and Employee Assistance Program.
• Death in Service via Unum (4 x Base Salary).
• Season ticket loans.
• 5 week sabbatical after 5 years.
• 25 days holiday per year plus bank holidays. 1 extra day holiday after 2 years and then every year up to a max of 30 days holiday.
• Enhanced maternity and paternity (maternity - 6 months fully paid / paternity - 3 weeks fully paid).
• Access to PerkBox.
• Access to Smart Rewards.
• Pension scheme via salary sacrifice. Smart will match your contributions up to 5% of your salary.
• Cycle to work scheme.
• Smart employees also enjoy a 50% discount on orders from our sister company Arena Flowers, Britain's most ethical florist. They offer unique hand-tied bouquets, luxury flowers, letterbox flowers, plants and gifts to spend on friends and loved ones or even for yourself.