At a Glance
- Tasks: Drive application security and improve business measures in a dynamic media environment.
- Company: Major media & entertainment organisation with a focus on innovation.
- Benefits: Competitive daily rate, hybrid work model, and hands-on experience.
- Other info: Opportunity to work across diverse teams and enhance your technical skills.
- Why this job: Make a real impact on security in a fast-paced, collaborative setting.
- Qualifications: Strong DevSecOps background and experience with GitHub and CI/CD security.
We’re supporting a major media & entertainment organisation looking for a hands-on DevSecOps Engineer to drive application security and BAM (Business Application Measures) improvements across a large enterprise environment. This is a delivery-focused role where you’ll take ownership of security remediation activities, CI/CD security integration, GitHub governance, and DevSecOps tooling improvements across multiple critical systems. They need someone technical who can actively drive security controls from “agreed” through to implementation.
Key experience required:
- Strong DevSecOps / Application Security engineering background
- GitHub administration & GitHub Advanced Security (GHAS)
- CI/CD pipeline security integration
- SAST / DAST tooling (CodeQL, Semgrep, OWASP ZAP etc.)
- Secret scanning, dependency scanning, container & IaC scanning
- OIDC / short-lived credentials
- Security remediation & vulnerability management
- JIRA / Agile delivery environments
- Strong stakeholder management & delivery ownership
Nice to have:
- BAM / governance programme experience
- Datadog / SIEM / EDR exposure
- Pen testing remediation
- OWASP / Secure SDLC knowledge
- Cloud / container security exposure
The client is looking for someone proactive, organised, and technically strong who can operate across development, infrastructure, security, and operational teams whilst keeping delivery momentum moving.
Training Engineer employer: Norton Blake
As a leading player in the media and entertainment sector, we pride ourselves on fostering a dynamic work environment that champions innovation and collaboration. Our London-based team enjoys a hybrid working model, competitive daily rates, and ample opportunities for professional growth, ensuring that every employee can thrive while contributing to impactful security initiatives. Join us to be part of a culture that values technical excellence and proactive problem-solving, all while making a significant difference in a large enterprise setting.
StudySmarter Expert Advice🤫
We think this is how you could land Training Engineer
✨Tip Number 1
Network like a pro! Reach out to folks in the industry, attend meetups, and connect with people on LinkedIn. You never know who might have the inside scoop on job openings or can refer you directly.
✨Tip Number 2
Show off your skills! Create a portfolio or GitHub repository showcasing your DevSecOps projects and contributions. This gives potential employers a tangible look at what you can do, especially with tools like GitHub Advanced Security.
✨Tip Number 3
Prepare for interviews by brushing up on your technical knowledge and soft skills. Be ready to discuss your experience with CI/CD security integration and how you've handled security remediation in past roles.
✨Tip Number 4
Don’t forget to apply through our website! We’ve got loads of opportunities that might just be the perfect fit for you. Plus, it’s a great way to get noticed by our hiring team.
We think you need these skills to ace Training Engineer
Some tips for your application 🫡
Tailor Your CV:Make sure your CV highlights your experience in DevSecOps and application security. We want to see how your skills align with the job description, so don’t be shy about showcasing your GitHub administration and CI/CD pipeline security integration expertise!
Craft a Compelling Cover Letter:Your cover letter is your chance to shine! Use it to explain why you’re the perfect fit for this role. We love seeing candidates who can articulate their passion for security and how they’ve driven improvements in previous roles.
Showcase Your Technical Skills:Don’t forget to mention your hands-on experience with tools like CodeQL, Semgrep, and OWASP ZAP. We’re looking for someone who can hit the ground running, so make sure we know about your technical prowess right from the start!
Apply Through Our Website:We encourage you to apply directly through our website. It’s the best way for us to keep track of your application and ensure it gets the attention it deserves. Plus, it shows you’re keen on joining our team!
How to prepare for a job interview at Norton Blake
✨Know Your Tech Inside Out
Make sure you’re well-versed in the key technologies mentioned in the job description, like GitHub administration and CI/CD pipeline security. Brush up on your knowledge of SAST/DAST tools like CodeQL and OWASP ZAP, as you might be asked to discuss how you've used them in past projects.
✨Showcase Your Delivery Focus
This role is all about delivery ownership, so be prepared to share specific examples of how you've driven security remediation activities in previous roles. Highlight your experience in Agile environments and how you’ve managed stakeholders to keep projects on track.
✨Demonstrate Proactivity
The client is looking for someone proactive, so think of instances where you took the initiative to improve security measures or streamline processes. Be ready to discuss how you identify vulnerabilities and implement solutions before they become issues.
✨Prepare Questions That Matter
Have a few insightful questions ready that show your interest in the company’s security practices and governance programmes. This not only demonstrates your enthusiasm but also gives you a chance to assess if the role aligns with your career goals.
