DevSecOps Engineer

Position: DevSecOps Engineer (Mid-Level)

Hoxton Wealth is a leading global wealth management firm, delivering financial solutions to international investors and expatriates across regulated jurisdictions.

We are seeking a DevSecOps Engineer to embed security into our cloud-native development workflows and corporate IT environment. This role is suited to a mid-level engineer with strong hands-on experience securing AWS-based development platforms and integrating security controls into CI/CD pipelines, alongside responsibility for core IT security within Office 365.

You will play a key role in shifting security left across the software delivery lifecycle while ensuring production and corporate systems remain secure, observable, and compliant with ISO 27001 and related regulatory expectations. The role requires a pragmatic security mindset, balancing strong controls with developer velocity in a regulated environment.

You will work closely with engineering, platform, IT, and compliance teams to design and operate security capabilities that are scalable, auditable, and automation-driven.

Responsibilities

• Design, implement, and operate DevSecOps practices across AWS-based development and production environments, aligned with ISO 27001 control objectives. Embed security controls into CI/CD pipelines, including static analysis, dependency scanning, container scanning, and policy enforcement, supporting secure SDLC requirements.

• Own and operate security tooling such as SonarQube, Microsoft Sentinel, and related vulnerability, monitoring, and detection platforms.

• Implement and maintain AWS security controls, including IAM, network segmentation, logging, encryption, and threat detection, in line with ISO 27001 Annex A controls.

• Manage identity and access security across AWS and Microsoft 365, including role design, conditional access, MFA, and periodic access reviews.

• Monitor, investigate, and respond to security alerts and incidents, contributing to incident management and continuous improvement processes.

• Partner with engineering teams to define secure architecture patterns and ensure infrastructure-as-code adheres to approved security baselines.

• Support secure software development by defining secure coding standards and working with teams to remediate findings identified through automated and manual reviews.

• Own vulnerability management activities, including scanning, prioritisation, remediation tracking, and risk acceptance aligned with organisational risk processes.

• Maintain security documentation, runbooks, and evidence required for ISO 27001 audits and internal reviews.

• Support internal and external audits by providing evidence, implementing corrective actions, and tracking control effectiveness.

• Continuously improve security automation, detection coverage, and operational resilience.

Requirements

• 3–6 years of experience in DevSecOps, cloud security, or platform security roles.

• Strong hands-on experience securing AWS environments, including IAM, VPCs, CloudTrail, GuardDuty, Security Hub, and encryption services.

• Proven experience integrating security tooling into CI/CD pipelines, including SonarQube for static analysis and code quality enforcement.

• Hands-on experience with SIEM and security monitoring tools, including Microsoft Sentinel or equivalent platforms.

• Experience with container, dependency, and secrets security tooling.

• Strong understanding of secure software development lifecycle (SSDLC) principles and shift-left security practices.

• Experience securing Microsoft 365 environments, including Entra ID (Azure AD), Conditional Access, Defender, and email security.

• Familiarity with ISO 27001 concepts, including risk management, control implementation, evidence collection, and audit support.

• Experience working in regulated environments such as financial services, fintech, or similar industries.

• Strong analytical and problem-solving skills, with the ability to balance security risk, usability, and delivery speed.

• Clear written and verbal communication skills, with the ability to collaborate effectively with engineering, IT, and compliance teams.