DevSecOps Engineer

Role Title : DevSecOps Engineer

Team : Global

Reports to : Head of DevSecOps

Location : Remote / UK - once a quarter in office

We are seeking a skilled DevSecOps Engineer to join our dynamic team. This role will focus on integrating security practices within the DevOps process, ensuring that security is a fundamental aspect of our software development lifecycle. The ideal candidate will collaborate closely with the DevOps Tooling & Policy Lead to implement CI / CD practices, automate processes, and enhance the overall security posture of our applications.

• Collaborate with the DevOps Tooling & Policy Lead to design, implement, and maintain robust CI / CD pipelines to automate the software delivery process.
• Integrate testing, security, and deployment processes to ensure high-quality releases.
• Establish and document repeatable patterns for deployment, configuration, and monitoring to enhance efficiency.
• Identify opportunities for automation in security testing and compliance checks.
• Develop solutions to enhance the DevSecOps process, integrating tooling to drive value and enhance developer experience.

• Partner with development teams to identify bottlenecks in the SDLC and implement solutions to streamline workflows.
• Provide guidance on best practices for version control, secure coding, and branching strategies.
• Assist development teams onboard to standardised DevOps patterns and processes.

• Evaluate and recommend tools and technologies that can enhance the CI / CD process and overall developer experience.
• Stay up to date with industry trends and emerging technologies to continuously improve practices.

• Develop comprehensive documentation on security and DevOps practices, making it easily accessible to development teams.
• Contribute to workshops and knowledge-sharing sessions to educate developers on secure coding practices and the importance of security in development.
• Assist with the onboarding of projects and teams to the centralised DevSecOps tooling and CI / CD templates.

• Proven experience of DevSecOps and Agile software delivery.
• Strong understanding of the SDLC, Agile, DevOps, and DevSecOps principles.
• Familiarity with modern security practices, tools, and standards (e.g., OWASP, NIST).
• Technical knowledge of cloud environments (AWS, Azure, GCP), containerisation (Docker, Kubernetes), and CI / CD pipelines.
• Excellent communication skills, with the ability to articulate DevSecOps concepts to technical and non-technical stakeholders.

• Certifications in cloud technologies (AWS Certified, Azure Security Engineer).
• Experience in leveraging tools for security monitoring and threat detection.
• Experience implementing re-usable pipelines using CI / CD tooling (Gitlab CI / Github Actions / Argo CD / Concourse).
• Familiarity with secure coding principles, application and infrastructure security best practices.