DevSecOps Architect / Consultant - Outside IR35

Outside IR35, Senior DevSecOps Architect / Consultant, hybrid, ISO 27001

My client is looking for a Senior DevSecOps Architect / Consultant to lead governance, architecture guidance, and assurance for cloud and infrastructure security across Microsoft Azure, AWS, and key SaaS platforms. This is a hybrid role, so you need to be flexible to attend meetings and workshops. This role is pivotal in defining technical blueprints, setting security standards, and ensuring regulatory compliance with Cyber Essentials Plus, ISO 27001, and Zero Trust principles. You will work closely with IT and platform teams to embed best practices, validate implementations, and support audit readiness across IaaS, PaaS, and SaaS environments.

Responsibilities

• Define and maintain multi-cloud security standards and reference blueprints (e.g. Azure Policy/Initiatives, AWS Control Tower/SCPs)
• Own security architecture patterns and contribute to HLD/LLD, threat models, and risk assessments
• Set assurance criteria and control evidence requirements for internal teams and third-party vendors
• Establish policy-as-code requirements and maintain an exceptions register with expiry and risk ownership
• Define identity and access control standards (Entra ID Conditional Access, MFA, PIM; AWS IAM federation)
• Govern SaaS security onboarding (SSO, OAuth governance, DLP controls, vendor assessments)
• Specify telemetry and logging requirements for Microsoft Sentinel/SOC and review analytics/reporting
• Lead compliance mapping for ISO 27001 and curate audit-ready evidence packs
• Chair Cloud & Platform Security design reviews and participate in CAB for risk appraisal
• Strong regulatory sector experience
• Educate and influence teams through guidance, clinics, and coaching sessions
• Familiarity with IaaS, PaaS, SaaS risk models and audit frameworks
• Excellent written communication and facilitation skills to drive adoption and influence stakeholders

Required Skills

• Experience with blueprint catalogues and architecture governance processes
• Working knowledge of containers/Kubernetes (AKS/EKS) policy models
• Azure: Policy/Initiatives, Defender for Cloud, Entra ID, PIM
• AWS: Control Tower, SCPs, Security Hub, GuardDuty, IAM
• Security & Monitoring: Microsoft Sentinel (KQL), Defender XDR, audit dashboards
• Documentation & Governance: Blueprint repositories, risk registers, ITSM/CAB records

If this role sounds of interest please send me your cv for review ASAP