DevSecOps Engineer
Collinson|Posted 13 hours ago
Role description
As a DevSecOps Engineer, you’ll contribute to a security-first approach. This is an opportunity to shape the foundations of a resilient platform with security embedded throughout the software development lifecycle, implementing automated security controls and establishing security best practices. This hands-on role requires security by design, championing shift-left security practices and establishing security automation across our route to live, incorporating static and dynamic security testing, vulnerability management and remediation, and improvements on current security posture and compliance.
You’ll benefit from fresh thinking with the opportunity to include pioneering innovative security approaches, with the freedom to explore AI.
If you're passionate about building secure-by-design systems, defining robust secure platforms, and leading the way in implementing security as code, this role offers the opportunity to do just that.
Key Responsibilities
● Security Strategy - Being the authority on running a secure platform and the technical security strategy, leading in improving and implementing security best practices such as AWS Well-Architected framework, zero trust principles, least privilege access control and disaster recovery within our platforms.
● Collaboration - Serve as the primary technical security liaison between engineering teams and security leadership, working closely with the CISO and assurance/governance teams to align security priorities with business objectives and risk management strategies.
● Secure Development Practices - Champion security-first design patterns, integrate automated security testing and compliance validation into CI/CD pipelines, and implement GitOps security practices. Ensure deployments are secure-by-default with automated security gates, vulnerability scanning, and continuous compliance monitoring. This means writing real code, building proof-of-concepts, and diving into problem-solving.
● Security Evangelisation, Visualisation and Consistency - Evangelise a security-conscious culture within our development teams. Develop and maintain security posture reporting and metrics that provide meaningful insights to stakeholders and guide development teams in implementing security best practices.
● AI & Future Tech - We want to push the boundaries of AI-driven development - if you have ideas on how to embed AI into our security processes, you’ll have the space to explore them.
Your experience
● Tech stack - We use Terraform, Ansible, Helm, Python, AWS, Windows and Linux OS, GitHub Actions & Bitbucket Pipelines. You’re comfortable with all of these, and have extensive knowledge of Terraform and IaC principles, CI/CD and the AWS ecosystem. Experience with TypeScript & Java is advantageous.
● Proven experience integrating security practices into the software development lifecycle, and you are proficient with compliance frameworks such as CIS Benchmarks, OWASP Top 10 & PCI DSS (v4). Experience with threat modelling is advantageous.
● Proven experience with secure cloud configuration and management of AWS services, and familiarity with network security, encryption, and Identity & Access Management.
● Security Tooling & Automation - You have proven experience automating and configuring security tooling such as Vulnerability Management, Penetration Testing, DAST, SAST, & SIEM/SOC. Experience with Rapid7 Platform, CrowdStrike and Datadog is advantageous.
● CI/CD & Infrastructure as Code - You’ve deployed secure production systems using Terraform, Ansible and Helm, are comfortable with Linux and Windows based operating systems and have strong experience with CI/CD providers baking in security best practices.
● Observability Mindset - You believe in measuring everything. You’ve worked with Datadog, Rapid7 (or similar) to ensure teams have visibility into platform security.
About Collinson
What we do
Collinson is a family-run global company with over 35 years of experience in travel-related services. Our mission is to enhance the travel experience by providing seamless access to airport lounges, loyalty solutions, and travel insurance, serving over 400 million consumers through partnerships with banks, airlines, and hotel groups.
Why work for us
Joining Collinson means being part of a dynamic team of around 2,000 employees dedicated to innovation and customer engagement. We offer competitive salaries, opportunities for professional growth, and the chance to work on impactful projects that enhance travel experiences globally.
Our culture
At Collinson, we value integrity, teamwork, and insight-driven decision-making. Our work environment promotes collaboration and creativity, ensuring that every team member feels valued and empowered to contribute to our mission.
Our engineering process
Our engineering teams leverage cutting-edge technologies, including AI and cloud solutions like Amazon AWS, to deliver high-quality products. We emphasize agile practices, continuous integration, and cross-functional collaboration to foster innovation and efficiency.
Our hiring process
Our hiring process is designed to identify top talent through a structured interview approach, including technical assessments and cultural fit evaluations. We aim to provide a positive candidate experience, ensuring that potential team members align with our values and vision.