DevSecOps Engineer

In this role, you’ll work closely with our Platforms, Cyber, Software, and Testing teams to co-create solutions that are secure by design. You’ll bring a blend of technical expertise and a partnership mindset to foster a culture of shared security ownership across the organisation.

We’re looking for someone who cares deeply about collaboration, continuous improvement, and delivering secure outcomes that truly support our people and our customers.

Responsibilities

• Champion security throughout the DevOps lifecycle—proactively embedding protections from code to cloud.
• Empower teams by integrating automated controls that support fast, safe, and scalable software delivery.
• Collaborate across disciplines to ensure security is considered early, often, and as a shared responsibility.
• Integrate security seamlessly into CI/CD pipelines, supporting secure software delivery without slowing teams down.
• Conduct threat modelling and support vulnerability identification and remediation activities.
• Automate security testing (SAST, DAST, SCA, container scanning) to enable proactive risk management.
• Apply best practices in cloud security across AWS, Azure, or GCP environments.
• Collaborate to design and implement secure Infrastructure as Code (IaC) and zero-trust architectures.
• Support compliance efforts aligned to standards like CIS, NIST, ISO27001, and PCI-DSS.
• Implement logging, monitoring, and alerting for early detection and response to security incidents.
• Contribute to a culture of continuous learning, experimentation, and shared success.

Requirements

• Experience automating security controls within CI/CD pipelines (e.g., GitHub Actions, GitLab, Jenkins, Azure DevOps).
• Familiarity with modern security testing tools and frameworks (SAST, DAST, SCA, container security).
• Proficiency in scripting languages (Python, Bash, or similar).
• Hands-on knowledge of vulnerability management and incident response.
• Strong understanding of cloud security, secrets management, IAM, and WAFs.
• Ability to communicate clearly and empathetically with both technical and non-technical stakeholders.
• Comfort working across and bridging Cyber, Dev, and Ops teams.