Senior DevSecOps Engineer (17)

Senior DevSecOps Engineer

This position is listed on behalf of a partner company, who manages all applications and next steps. Our partner is looking for a Senior DevSecOps Engineer based in United Kingdom.

As a Senior DevSecOps Engineer, you will play a critical role in strengthening the security posture of large-scale, high-traffic digital platforms operating in a fast-moving product environment.You will design and implement security-first engineering practices across application, infrastructure, and cloud layers, ensuring that security is embedded throughout the entire software development lifecycle.Working closely with engineering, platform, and product teams, you will build scalable security frameworks, automate controls, and reduce systemic risk across complex distributed systems.

This role combines hands-on engineering with strategic security architecture, offering the opportunity to influence how security is built, measured, and maintained at scale.You will also help shape compliance readiness and drive security maturity across multiple teams in a highly collaborative, remote-first organization.

Accountabilities

• Design and implement an end-to-end Application & Infrastructure Security operating model, including ownership structures, SLAs, escalation paths, risk acceptance processes, and reporting frameworks.
• Build and maintain a robust vulnerability management program covering detection, triage, prioritization, remediation tracking, exception handling, and security metrics.
• Integrate security controls into SDLC and CI/CD pipelines, including SAST, SCA, secret scanning, container and image scanning, SBOM generation, and security quality gates.
• Strengthen software supply chain security through dependency management, artifact signing, CI/CD hardening, protected branches, and secure release practices.
• Define and implement cloud security baselines using Infrastructure as Code, including IAM policies, KMS, logging, threat detection, and cloud security monitoring tools.
• Establish Kubernetes security standards such as Pod Security Policies/Standards, network policies, RBAC reviews, admission control, and runtime security practices.
• Collaborate with engineering and platform teams to remediate vulnerabilities, reduce false positives, improve secure coding practices, and embed security-by-design principles.
• Support compliance and audit readiness efforts (including PCI DSS and similar frameworks) by preparing documentation, controls, and security evidence.
• Automate security workflows and reporting using scripting and engineering tools (Python, Bash, or Go) to improve efficiency and scalability.
• Continuously improve security tooling, policies, and processes across cloud, application, and infrastructure environments.

Requirements

• 5+ years of hands-on experience in DevSecOps, Application Security, or Security Engineering roles in production environments.
• Strong practical experience integrating security tools into CI/CD pipelines (GitLab CI, GitHub Actions, or similar).
• Expertise with security scanning tools such as SAST, SCA, secret scanning, container/image scanning (e.g., Semgrep, SonarQube, Trivy, Snyk, Grype, Gitleaks or equivalents).
• Strong understanding of CI/CD security concepts including least privilege access, protected branches/environments, secrets management, CODEOWNERS, and secure runner configurations.
• Proven experience building vulnerability management processes including triage, prioritization, SLA definition, remediation tracking, and risk acceptance workflows.
• Deep knowledge of software supply chain security including SBOMs, dependency pinning, artifact signing, provenance, and dependency risk management.
• Strong cloud security experience, ideally in AWS, including IAM, Security Groups, KMS, CloudTrail, GuardDuty, Security Hub, and network architecture.
• Hands-on experience with Kubernetes security including RBAC, network policies, admission controllers, audit logging, and runtime security concepts.
• Experience with Infrastructure as Code security (Terraform preferred) using tools like tfsec, Checkov, or policy-as-code frameworks.
• Strong automation skills in Python, Bash, or Go for building security tools, pipeline integrations, or reporting systems.
• Solid understanding of OWASP Top 10, web application vulnerabilities, and secure development practices.
• Ability to work independently, prioritize effectively, and collaborate closely with engineering, platform, and business stakeholders in a fast-paced environment.
• Experience in regulated industries such as fintech or gaming is a plus.

Benefits

• Fully remote work with flexibility to work from anywhere within compatible regions.
• Competitive compensation package aligned with experience and market standards.
• 20 paid vacation days plus public holidays and sick leave.
• Private health insurance and psychological support coverage.
• Flexible benefits budget for personal use, hobbies, sports, and lifestyle needs.
• Learning and development budget, including courses, training, workshops, and language programs.
• Corporate events, team-building activities, and professional development workshops.
• Flexible working culture focused on autonomy, trust, and work-life balance.
• Access to modern engineering practices, automation-first workflows, and cutting-edge security tooling.
• Opportunity to work on high-scale, high-impact systems in a fast-growing product environment.