Senior Software Engineer (DevSecOps)

Aboutthe Role

We are looking for a highly experienced Senior Software Engineer with deep expertise in DevOps practicesand a strong security-first mindset. In this role, you will sit at the intersection of software engineering, infrastructure, and cybersecurity - championing a culture where security is built into every stage of the software development lifecycle (SDLC), not bolted on afterwards.

You will architect, build, andmaintain robust systems that are both highly functional and resilient to threats. You will work closely with product engineering, security, and platformteams to embed security controls, automate compliance, and drive adoption of DevSecOps best practices across the organisation.

KeyResponsibilities

Software Engineering &Architecture

▪       Design, develop, and maintainscalable, high-performance software systems with security and reliability ascore non-functional requirements.

▪       Lead technical design reviews,ensuring that both functional correctness and security considerations are addressed from the outset.

▪       Advocate for clean code principles, modular design, and testability, setting the engineering bar for the wider team.

▪       Mentor junior and mid-levelengineers on secure coding standards, architecture patterns, and DevOps practices.

DevOps & Platform Engineering

▪       Architect and manage CI/CDpipelines (e.g. GitHub Actions, GitLab CI, Jenkins, CircleCI) with integrated security scanning at every stage.

▪       Build and maintaininfrastructure-as-code (IaC) using tools such as Terraform, Pulumi, or AWSCloud Formation to ensure reproducible, auditable environments.

▪       Manage container orchestration platforms (Kubernetes, ECS) and ensure workloads are hardened against known attack vectors.

▪       Implement robust observability solutions - logging, metrics, tracing, and alerting - to detect anomalies and security events proactively.

▪       Drive reliability engineering practices including SLO/SLI definition, chaos engineering, and incident response playbooks.

Security Integration (DevSecOps)

▪       Embed security tooling directlyinto the SDLC: SAST, DAST, dependency scanning (SCA), secrets detection, and container image scanning.

▪       Own and evolve the organisation's threat modelling process, producing actionable risk assessments for new features and infrastructure changes.

▪       Lead vulnerability management: triage security findings, coordinate remediation, and track closure within agreed SLAs.

▪       Ensure compliance with relevant security frameworks (e.g. SOC 2, ISO 27001, NIST CSF, CIS Benchmarks) through automated policy enforcement and audit trails.

▪       Conduct and participate insecurity reviews, penetration test scoping, and post-mortem analyses for security incidents.

▪       Champion a Zero Trust architecture approach across the platform, including identity and access management (IAM),network segmentation, and least-privilege principles.

Collaboration & Culture

▪       Partner with Product, QA, and Security teams to define and uphold engineering standards that balance velocity with risk.

▪       Act as a subject-matter expert and internal consultant on DevSecOps topics, running workshops and brown-bag sessions to upskill peers.

▪       Contribute to hiring and technical interviews, helping the team grow with engineers who share a security-conscious engineering philosophy.

Requirements

Experience

▪       5+ years of professional software engineering experience, with at least 5 years specifically in DevOps orDevSecOps roles.

▪       Proven track record delivering production systems with rigorous security controls in cloud-native environments.

▪       Experience working in regulated orsecurity-sensitive industries (e.g. fintech, healthtech, SaaS, government) ishighly desirable.

Technical Skills

▪       Languages: Proficiency in at least two of Python, Go, Java, TypeScript, or Rust; shell scripting (Bash) isessential.

▪       Cloud Platforms: Deep hands-on experience with AWS, GCP, or Azure — including native security services (e.g.AWS IAM, GuardDuty, Security Hub, KMS).

▪       Containers & Orchestration: Kubernetes (CKA/CKS level proficiency preferred), Docker, Helm; experience hardening container runtimes.

▪       IaC & Config Management: Terraform (required), Ansible or Chef desirable; policy-as-code tools (OPA,Sentinel).

▪       CI/CD & GitOps: Deep familiarity with pipeline architecture; experience with ArgoCD, Flux, or similar GitOps tooling.

▪       Security Tooling: Workingknowledge of tools such as Snyk, Trivy, Checkov, SonarQube, Vault (HashiCorp),Falco, or equivalent.

▪       Networking & Zero Trust: Understanding of TLS/mTLS, VPNs, service meshes (Istio/Linkerd), WAF configuration, and firewall policies.

▪       Observability: Experience with Prometheus, Grafana, OpenTelemetry, Datadog, Splunk, or similar stacks.

Soft Skills & Mindset

▪       Security-first thinking: you naturally ask 'how could this be abused?' before 'does this work?'

▪       Strong communication skills — ableto articulate security trade-offs and technical concepts to both technical and non-technical stakeholders.

▪       High ownership mentality with abias for action and a track record of driving improvements without waiting to be asked.

▪       Comfortable working in ambiguity and influencing decisions without direct authority.

Education

▪       A Bachelor's degree in Computer Science, Information Security, Software Engineering, or a related field is preferred.

▪       Equivalent professional experience, a strong portfolio of delivered work, and/or relevant industry certifications will be given equal consideration - we evaluate candidates on demonstrated ability, not credentials alone.

▪       Candidates without a degree who hold recognised certifications (e.g. CKS, AWS Security Specialty, OSCP, CISSP) and can demonstrate hands-on expertise are strongly encouraged to apply.

Nice to Have

▪       Relevant certifications: AWS Security Specialty, CKS (Certified Kubernetes Security Specialist), OSCP,CISSP, or equivalent.

▪       Experience with software supply chain security (SLSA framework, Sigstore/Cosign, SBOM generation).

▪       Contributions to open-source security or DevOps tooling.

▪       Familiarity with eBPF-based runtime security tools (e.g. Cilium, Tetragon).

▪       Background in red teaming, application security research, or bug bounty programmes.