At a Glance
- Tasks: Drive application security and improve business measures in a dynamic media environment.
- Company: Major media & entertainment organisation with a focus on innovation.
- Benefits: Competitive daily rate, hybrid work model, and hands-on experience.
- Other info: Proactive role with opportunities for growth across multiple teams.
- Why this job: Make a real impact on security in a large enterprise setting.
- Qualifications: Strong DevSecOps background and experience with GitHub and CI/CD security.
We’re supporting a major media & entertainment organisation looking for a hands-on DevSecOps Engineer to drive application security and BAM (Business Application Measures) improvements across a large enterprise environment. This is a delivery-focused role where you’ll take ownership of security remediation activities, CI/CD security integration, GitHub governance, and DevSecOps tooling improvements across multiple critical systems. They need someone technical who can actively drive security controls from “agreed” through to implementation.
Key experience required:
- Strong DevSecOps / Application Security engineering background
- GitHub administration & GitHub Advanced Security (GHAS)
- CI/CD pipeline security integration
- SAST / DAST tooling (CodeQL, Semgrep, OWASP ZAP etc.)
- Secret scanning, dependency scanning, container & IaC scanning
- OIDC / short-lived credentials
- Security remediation & vulnerability management
- JIRA / Agile delivery environments
- Strong stakeholder management & delivery ownership
Nice to have:
- BAM / governance programme experience
- Datadog / SIEM / EDR exposure
- Pen testing remediation
- OWASP / Secure SDLC knowledge
- Cloud / container security exposure
The client is looking for someone proactive, organised, and technically strong who can operate across development, infrastructure, security, and operational teams whilst keeping delivery momentum moving.
Server Engineer - Windows employer: Norton Blake
Join a leading media and entertainment organisation that prioritises innovation and security in a dynamic London-based environment. As a Server Engineer, you'll benefit from a collaborative work culture that fosters professional growth through hands-on experience with cutting-edge technologies and methodologies. With a focus on employee development and a commitment to work-life balance, this role offers an exciting opportunity to make a meaningful impact while enjoying the flexibility of a hybrid working model.
StudySmarter Expert Advice🤫
We think this is how you could land Server Engineer - Windows
✨Tip Number 1
Network like a pro! Reach out to folks in the industry, especially those already working in DevSecOps. Attend meetups or webinars, and don’t be shy about sliding into DMs on LinkedIn. You never know who might have the inside scoop on job openings!
✨Tip Number 2
Show off your skills! Create a portfolio or GitHub repository showcasing your projects related to application security and CI/CD integration. This is your chance to demonstrate your hands-on experience with tools like CodeQL and OWASP ZAP. Let your work speak for itself!
✨Tip Number 3
Prepare for interviews by brushing up on common DevSecOps scenarios. Be ready to discuss how you’ve driven security controls from agreement to implementation. Use real examples from your past experiences to illustrate your problem-solving skills and technical prowess.
✨Tip Number 4
Don’t forget to apply through our website! We’re always on the lookout for talented individuals like you. Plus, it’s a great way to ensure your application gets the attention it deserves. Let’s get you that job!
We think you need these skills to ace Server Engineer - Windows
Some tips for your application 🫡
Tailor Your CV:Make sure your CV highlights your experience in DevSecOps and application security. We want to see how your skills align with the job description, so don’t be shy about showcasing your GitHub administration and CI/CD pipeline security integration expertise!
Craft a Compelling Cover Letter:Your cover letter is your chance to shine! Use it to explain why you’re the perfect fit for this role. We love seeing candidates who can articulate their passion for security-led delivery and how they’ve driven security improvements in past roles.
Showcase Your Technical Skills:Don’t forget to mention your hands-on experience with tools like CodeQL, Semgrep, and OWASP ZAP. We’re looking for someone who can hit the ground running, so make sure we know about your technical prowess right from the start!
Apply Through Our Website:We encourage you to apply directly through our website. It’s the best way for us to keep track of your application and ensure it gets the attention it deserves. Plus, it shows you’re keen on joining our team!
How to prepare for a job interview at Norton Blake
✨Know Your Tech Inside Out
Make sure you’re well-versed in the key technologies mentioned in the job description, like GitHub Advanced Security and CI/CD pipeline security. Brush up on your knowledge of SAST/DAST tools like CodeQL and OWASP ZAP, as you might be asked to discuss how you've used them in past projects.
✨Showcase Your Delivery Focus
This role is all about delivery ownership, so be prepared to share specific examples of how you've driven security remediation activities or integrated security into CI/CD processes. Use the STAR method (Situation, Task, Action, Result) to structure your answers and highlight your impact.
✨Demonstrate Stakeholder Management Skills
Since strong stakeholder management is crucial, think of instances where you’ve successfully collaborated with different teams. Be ready to explain how you navigated challenges and kept everyone aligned on security goals, showcasing your proactive and organised approach.
✨Prepare Questions That Matter
Interviews are a two-way street, so come armed with thoughtful questions about the company’s security culture, their current DevSecOps practices, and how they measure success in this role. This shows your genuine interest and helps you assess if it’s the right fit for you.
