DevSecOps Engineer

Role Particulars:

Role Title: DevSecOps Engineer

Team: Global

Reports to: Head of DevSecOps

Location: Remote / UK - once a quarter in office

Job Description:

We are seeking a skilled DevSecOps Engineer to join our dynamic team. This role will focus on integrating security practices within the DevOps process, ensuring that security is a fundamental aspect of our software development lifecycle. The ideal candidate will collaborate closely with the DevOps Tooling & Policy Lead to implement CI/CD practices, automate processes, and enhance the overall security posture of our applications.

Key responsibilities:

• CI/CD pipelines and automation:
• Collaborate with the DevOps Tooling & Policy Lead to design, implement, and maintain robust CI/CD pipelines to automate the software delivery process.
• Integrate testing, security, and deployment processes to ensure high-quality releases.
• Establish and document repeatable patterns for deployment, configuration, and monitoring to enhance efficiency.
• Identify opportunities for automation in security testing and compliance checks.
• Develop solutions to enhance the DevSecOps process, integrating tooling to drive value and enhance developer experience.
• Collaboration with development teams:
• Partner with development teams to identify bottlenecks in the SDLC and implement solutions to streamline workflows.
• Provide guidance on best practices for version control, secure coding, and branching strategies.
• Assist development teams onboard to standardised DevOps patterns and processes.
• Tooling and technology evaluation:
• Evaluate and recommend tools and technologies that can enhance the CI/CD process and overall developer experience.
• Stay up to date with industry trends and emerging technologies to continuously improve practices.
• Documentation and knowledge sharing:
• Develop comprehensive documentation on security and DevOps practices, making it easily accessible to development teams.
• Contribute to workshops and knowledge-sharing sessions to educate developers on secure coding practices and the importance of security in development.
• Assist with the onboarding of projects and teams to the centralised DevSecOps tooling and CI/CD templates.

Experience and skills:

Qualifications

• Proven experience of DevSecOps and Agile software delivery.
• Strong understanding of the SDLC, Agile, DevOps, and DevSecOps principles.
• Familiarity with modern security practices, tools, and standards (e.g., OWASP, NIST).
• Technical knowledge of cloud environments (AWS, Azure, GCP), containerisation (Docker, Kubernetes), and CI/CD pipelines.
• Excellent communication skills, with the ability to articulate DevSecOps concepts to technical and non-technical stakeholders.
• Preferred skills:
• Certifications in cloud technologies (AWS Certified, Azure Security Engineer).
• Experience in leveraging tools for security monitoring and threat detection.
• Experience implementing re-usable pipelines using CI/CD tooling (Gitlab CI/Github Actions/Argo CD/Concourse).
• Familiarity with secure coding principles, application and infrastructure security best practices.