SII Group delivers Digital Services, IT, Engineering, and Consulting to diverse industries, enabling digital transformation through our commitment to Growth, People, and CSR. With over 16,000 professionals across 21 countries, we're recognised as a "Great Place to Work" for fostering a high-trust culture. Our core values of Trust, Commitment, Accountability, Passion, Creativity, and Transparency drive our work package delivery, ensuring we meet and exceed client expectations as a committed partner. Since 2016, SII UK has supported top Aerospace & Defence, Aviation, Transportation, and Finance clients, empowering digital transformation with industry-leading engineering expertise. Let's Tech Together is our promise to encourage innovation and teamwork. We support our engineers with development opportunities and a collaborative, inclusive environment where every voice is valued and empowered.
THE OPPORTUNITY
SII UK is seeking an experienced DevSecOps Engineer to join our growing engineering team supporting secure software delivery across complex systems. This role will focus on integrating security practices into the full software development and operational lifecycle, ensuring that all solutions are robust, compliant, and resilient from design through deployment.
KEY RESPONSIBILITIES
- Integrate security requirements into both Agile user stories and traditional requirement specifications.
- Collaborate closely with software, systems, QA, and operations teams to embed security throughout the development lifecycle.
- Design, implement, and maintain automated security scanning in CI/CD pipelines (including SAST, DAST, SCA, and IaC tools).
- Integrate security checks into development workflows across both Agile sprints and non-Agile release cycles.
- Support the migration of legacy repositories and systems into Bitbucket and other modern development environments.
- Lead or contribute to threat modelling, design reviews, and risk assessments for new and existing software solutions.
- Establish and enforce secure coding standards; conduct regular code and dependency reviews.
- Coordinate and oversee vulnerability assessments and penetration testing activities.
- Implement and manage automated scanning for Infrastructure-as-Code and cloud-based resources.
- Deploy and maintain security monitoring, alerting, and incident response mechanisms for applications and infrastructure.
- Conduct root cause analyses following incidents and apply lessons learned to improve processes.
- Deliver security awareness sessions and tool training to development teams, promoting a culture of "security by design".
EXPERIENCE AND SKILLS
ESSENTIAL SKILLS
- Proven experience in a DevSecOps, DevOps, or Security Engineering role.
- Strong hands‑on experience with security automation tools such as SAST, DAST, SCA, or IaC scanning solutions.
- Demonstrable experience integrating security into Agile (Scrum/Kanban) and Waterfall lifecycles.
- Proficiency in Python, Bash, PowerShell, or similar scripting languages for automation.
- Practical experience in CI/CD pipeline development using GitLab, Jenkins, or Azure DevOps.
- Solid understanding of secure software design principles, vulnerability management, and remediation processes.
- Experience with threat modelling, risk assessment, and secure architecture reviews.
- Knowledge of cloud security, Infrastructure-as-Code, and access control management.
- Excellent problem‑solving, analytical, and debugging skills.
- Strong communication and collaboration abilities across multidisciplinary teams.
DESIRABLE SKILLS
- Industry certifications such as CISSP, CEH, OSCP, CKA, or equivalent.
- Experience with network and infrastructure security within complex system environments.
- Exposure to compliance and regulatory frameworks (e.g. ISO 27001, NIST, or equivalent).
- Familiarity with vulnerability assessment tools and penetration testing methodologies.
- Prior experience delivering security training or awareness programmes.
- Strong organisational skills and the ability to manage multiple priorities effectively.
- Proactive and methodical approach with a strong sense of ownership for system security and quality.
BENEFITS
- Competitive Basic Salary
- 6% Employer's Contribution + 6% as a salary sacrifice
- Private Medical Insurance, Life Cover and Income Protection
- 25 days holiday
- 5 days full sick pay per year
- Flexible working
- Cycle to Work & TechScheme
- Continuous professional development
- Corporate access to the Udemy platform
* If you're applying for a role requiring security clearance, please be aware that foreign or dual nationality is not an automatic bar; however, certain posts may have restrictions which could affect those who do not have sole British nationality or who have personal connections with certain countries outside the UK.
http://www.groupe-sii.com/en