$8,000 - 15,000 monthly
About the Role
We are looking for a highly experienced Senior Software Engineer with deep expertise in DevOps practices and a strong security-first mindset. In this role, you will sit at the intersection of software engineering, infrastructure, and cybersecurity — championing a culture where security is built into every stage of the software development lifecycle (SDLC), not bolted on afterwards.
You will architect, build, and maintain robust systems that are both highly functional and resilient to threats. You will work closely with product engineering, security, and platform teams to embed security controls, automate compliance, and drive adoption of DevSecOps best practices across the organisation.
Key Responsibilities
Software Engineering & Architecture
▪ Design, develop, and maintain scalable, high-performance software systems with security and reliability as core non-functional requirements.
▪ Lead technical design reviews, ensuring that both functional correctness and security considerations are addressed from the outset.
▪ Advocate for clean code principles, modular design, and testability, setting the engineering bar for the wider team.
▪ Mentor junior and mid-level engineers on secure coding standards, architecture patterns, and DevOps practices.
DevOps & Platform Engineering
▪ Architect and manage CI/CD pipelines (e.g. GitHub Actions, GitLab CI, Jenkins, CircleCI) with integrated security scanning at every stage.
▪ Build and maintain infrastructure-as-code (IaC) using tools such as Terraform, Pulumi, or AWS CloudFormation to ensure reproducible, auditable environments.
▪ Manage container orchestration platforms (Kubernetes, ECS) and ensure workloads are hardened against known attack vectors.
▪ Implement robust observability solutions — logging, metrics, tracing, and alerting — to detect anomalies and security events proactively.
▪ Drive reliability engineering practices including SLO/SLI definition, chaos engineering, and incident response playbooks.
Security Integration (DevSecOps)
▪ Embed security tooling directly into the SDLC: SAST, DAST, dependency scanning (SCA), secrets detection, and container image scanning.
▪ Own and evolve the organisation's threat modelling process, producing actionable risk assessments for new features and infrastructure changes.
▪ Lead vulnerability management: triage security findings, coordinate remediation, and track closure within agreed SLAs.
▪ Ensure compliance with relevant security frameworks (e.g. SOC 2, ISO 27001, NIST CSF, CIS Benchmarks) through automated policy enforcement and audit trails.
▪ Conduct and participate in security reviews, penetration test scoping, and post-mortem analyses for security incidents.
▪ Champion a Zero Trust architecture approach across the platform, including identity and access management (IAM), network segmentation, and least-privilege principles.
Collaboration & Culture
▪ Partner with Product, QA, and Security teams to define and uphold engineering standards that balance velocity with risk.
▪ Act as a subject-matter expert and internal consultant on DevSecOps topics, running workshops and brown-bag sessions to upskill peers.
▪ Contribute to hiring and technical interviews, helping the team grow with engineers who share a security-conscious engineering philosophy.
Requirements
Experience
▪ 5+ years of professional software engineering experience, with at least 5 years specifically in DevOps or DevSecOps roles.
▪ Proven track record delivering production systems with rigorous security controls in cloud-native environments.
▪ Experience working in regulated or security-sensitive industries (e.g. fintech, healthtech, SaaS, government) is highly desirable.
Technical Skills
▪ Languages: Proficiency in at least two of Python, Go, Java, TypeScript, or Rust; shell scripting (Bash) is essential.
▪ Cloud Platforms: Deep hands-on experience with AWS, GCP, or Azure — including native security services (e.g. AWS IAM, GuardDuty, Security Hub, KMS).
▪ Containers & Orchestration: Kubernetes (CKA/CKS level proficiency preferred), Docker, Helm; experience hardening container runtimes.
▪ IaC & Config Management: Terraform (required), Ansible or Chef desirable; policy-as-code tools (OPA, Sentinel).
▪ CI/CD & GitOps: Deep familiarity with pipeline architecture; experience with ArgoCD, Flux, or similar GitOps tooling.
▪ Security Tooling: Working knowledge of tools such as Snyk, Trivy, Checkov, SonarQube, Vault (HashiCorp), Falco, or equivalent.
▪ Networking & Zero Trust: Understanding of TLS/mTLS, VPNs, service meshes (Istio/Linkerd), WAF configuration, and firewall policies.
▪ Observability: Experience with Prometheus, Grafana, OpenTelemetry, Datadog, Splunk, or similar stacks.
Soft Skills & Mindset
▪ Security-first thinking: you naturally ask 'how could this be abused?' before 'does this work?'
▪ Strong communication skills — able to articulate security trade-offs and technical concepts to both technical and non-technical stakeholders.
▪ High ownership mentality with a bias for action and a track record of driving improvements without waiting to be asked.
▪ Comfortable working in ambiguity and influencing decisions without direct authority.
Education
▪ A Bachelor's degree in Computer Science, Information Security, Software Engineering, or a related field is preferred.
▪ Equivalent professional experience, a strong portfolio of delivered work, and/or relevant industry certifications will be given equal consideration — we evaluate candidates on demonstrated ability, not credentials alone.
▪ Candidates without a degree who hold recognised certifications (e.g. CKS, AWS Security Specialty, OSCP, CISSP) and can demonstrate hands-on expertise are strongly encouraged to apply.
Good to Have
▪ Relevant certifications: AWS Security Specialty, CKS (Certified Kubernetes Security Specialist), OSCP, CISSP, or equivalent.
▪ Experience with software supply chain security (SLSA framework, Sigstore/Cosign, SBOM generation).
▪ Contributions to open-source security or DevOps tooling.
▪ Familiarity with eBPF-based runtime security tools (e.g. Cilium, Tetragon).
▪ Background in red teaming, application security research, or bug bounty programmes.
Copyright © 2026 Grabjobs Pte. Ltd. All Rights Reserved.