DevSecOps Lead

Location: London

Duration: Contract

We are seeking a highly experienced DevSecOps & IaC Lead to drive enterprise-wide DevSecOps transformation and Infrastructure-as-Code implementation during the migration of large-scale on-prem systems to AWS cloud. This role requires deep expertise across CI/CD pipelines, security automation, cloud-native DevOps tooling, third-party DevSecOps platforms, and large-scale IaC governance.

The ideal candidate will lead cross-functional engineering teams, define DevSecOps strategy, enforce secure-by-design principles, and ensure seamless DevSecOps operations across hybrid and cloud environments.

• Lead the DevSecOps transformation for applications and platforms migrating from on-prem to AWS.
• Build a roadmap for CI/CD modernization, security automation, and cloud-ready pipelines.
• Ensure DevSecOps practices support lift & shift, replatforming, containerization, and modernization migration patterns.
• Collaborate with cloud, application, SRE, and security teams to ensure DevSecOps maturity improves during and after migration.

• Define enterprise IaC standards using tools such as Terraform, CloudFormation, CDK, Ansible, and GitOps practices.
• Lead IaC implementation for AWS landing zones, networking, security, containers, and application infrastructure.
• Establish modular IaC patterns, reusable blueprints, guardrails, and governance frameworks.
• Drive full lifecycle IaC adoption: provisioning → configuration → drift control → compliance.

• Architect and integrate DevSecOps toolchains across cloud and on-prem ecosystems, including:
  • CI/CD: GitHub Actions, GitLab, Jenkins, Azure DevOps
  • Security: Snyk, Checkmarx, SonarQube, Prisma Cloud, Aqua, Twistlock
  • Containers: EKS, ECS, ECR, Helm, ArgoCD, Flux
  • Secrets & identity: AWS Secrets Manager, HashiCorp Vault
  • Compliance: AWS Security Hub, GuardDuty, OPA/Conftest, Checkov
• Ensure deep integration between security scanning, artifact repositories, code quality, and deployment automation.

• Implement "security-by-default" and "shift-left" practices across the software lifecycle.
• Automate:
  • SAST/DAST
  • Dependency & container image scanning
  • Policy-as-code (Rego/OPA)
  • Secrets scanning
  • Infrastructure compliance
• Establish secure CI/CD pipeline patterns covering application, container, and infrastructure layers.

• Partner with SRE, platform, and cloud teams to embed monitoring, logging, tracing, and auditability into pipelines.
• Implement automated quality gates, blue-green/canary deployments, and progressive delivery strategies.
• Standardize operational best practices through automation, runbooks, and deployment frameworks.

• Ensure all DevSecOps and IaC pipelines comply with enterprise security, audit, and regulatory requirements.
• Define DevSecOps maturity KPIs (deployment frequency, MTTR, security findings, drift metrics).
• Build automated governance controls for release management, security enforcement, and compliance checks.
• Drive adoption of secure cloud operating models across all stakeholders.

• Lead cross-functional DevSecOps squads and mentor engineers on DevSecOps, IaC, and cloud automation practices.
• Work with program managers to ensure DevSecOps readiness across all migration waves.
• Communicate progress, risks, and technical decisions to senior leadership and architecture boards.
• Provide strategic input on enterprise cloud engineering standards and transformation roadmap.

• 14+ years of experience in DevOps, platform engineering, cloud automation, or infrastructure engineering.
• Strong hands-on experience with AWS cloud services, CI/CD, IaC, and security automation.
• Expertise in:
  • Terraform, CloudFormation, CDK, Ansible
  • Docker, Kubernetes, EKS/ECS, Helm, GitOps
  • GitHub/GitLab/Azure DevOps/Jenkins pipelines
  • Security tools: Snyk, Checkmarx, SonarQube, Prisma Cloud, Vault
  • Logging/observability platforms (CloudWatch, ELK, Datadog)

• Strong understanding of cloud security principles: IAM, KMS, encryption, zero trust, least privilege.
• Experience implementing policy-as-code and pipeline security controls.
• Understanding of CIS benchmarks, NIST, ISO27001, compliance frameworks.

• Direct experience supporting large-scale on-prem to AWS migrations.
• Strong understanding of migration waves, application onboarding, and pipeline modernization.

• Excellent communication and architectural documentation abilities.
• Experience leading multi-disciplinary teams across dev, infra, cloud, and security domains.
• Ability to influence architects, executives, developers, and operations teams.

• AWS DevOps Engineer - Professional
• AWS Solutions Architect - Associate/Professional
• HashiCorp Terraform Certification
• Kubernetes certifications (CKAD, CKA, CKS)
• DevSecOps or SRE certifications (nice-to-have)

• Fully automated, secure CI/CD pipelines across all migration phases
• Enterprise-wide IaC adoption with strong governance and consistency
• Reduction in security vulnerabilities and pipeline defects
• Faster cloud onboarding and deployment times
• Improved security posture and operational reliability post-migration