Job Description

Remote-first role within the UK, with quarterly tribe days and occasional off-sites/workshops in Bath, London or Edinburgh. This role doesn't offer visa sponsorship, you need to be fully legally authorised to work and live in Great Britain.

About us

------------


Seccl is the Octopus-owned embedded investment platform that's on a mission to helping more people to invest - and invest well.


We're B-Corp certified with an amazing product-market fit, impressive early traction and the potential to transform an outdated industry, for the better. We've been growing fast and will scale even faster over the next few years.


We're also proud to be part of Octopus, the multi billion group that's on a mission to breathe new life into broken industries, through companies like Octopus Energy, Octopus Investments and Octopus Money.


Check out the Seccl website for the latest on our products and our mission to shape the future of investments.

The role

------------


We're looking for a Senior DevSecOps Engineer to join our DevSecOps team,

reporting to the Squad Engineering Manager (SEM)

and working closely with product engineering squads and platform teams. The role is

Node.js-heavy

and initially focused on authentication: completing our migration from a legacy auth system to

Auth0

, moving M2M clients to

Private Key JWT

(with client-credentials fallback where needed), and automating customer onboarding (keys/JWKs and SSO enablement). It's a hands-on opportunity to ship high-impact security work that directly unblocks delivery.


The DevSecOps team partners across the business to make secure-by-default the easiest path - through guardrails, self-service tooling, and CI/CD enablement. We're a collaborative, remote-first group with clear objectives: land the Auth0 rollout, deprecate legacy auth safely, and introduce scope-based, fine-grained access controls across our API and UI. You'll help us deliver these programmes while strengthening our platform security posture and accelerating product teams.

On a typical day you will be:

---------------------------------

Designing, building, and maintaining

production-grade

Node.js

integrations, CLIs, and automation surrounding our Auth0 identity platform.

Leading

firm-by-firm migrations to Auth0, implementing robust cutover strategies using feature flags, canaries, and detailed rollback plans.

Architecting and automateing

customer onboarding processes, including keypair/CSR handling, JWK publishing, and SSO connection setup.

Utilising Infrastructure as Code (Terraform)

and

CI/CD (GitHub Actions)

to manage Auth0 configuration and ensure safe, repeatable deployments.

Implementing comprehensive observability

for authentication paths with structured logs, monitoring dashboards, alerts, and SLOs.

Collaborating closely

with product, engineering, and support teams on migration timelines, communications, and incident response.

This role's for you if...

-----------------------------

Proficiency in Node.js

, with proven experience building production services or CLIs with robust testing, error handling, and secure coding practices.

Strong experience with Infrastructure as Code (Terraform)

and

CI/CD (GitHub Actions)

for automating cloud and identity configurations, including secure secrets management.

Solid understanding of core AWS services

relevant to modern authentication patterns, such as API Gateway, Lambda authorisers, and CloudWatch.

A commitment to observability

, with hands-on experience implementing structured logging, dashboards, and SLOs for critical services.

Excellent collaboration skills

, demonstrated through participation in design reviews, pairing, and writing clear technical documentation (e.g., runbooks, ADRs). Experience with enterprise SSO (OIDC/SAML), SCIM provisioning, and proficiency in

TypeScript

are highly desirable.

This role isn't for you if...

---------------------------------

You rely on a lot of top-down direction.

Here, you'll have a lot of freedom and ownership of your role, and you'll be expected to shape your own progression

You're not comfortable working in a fast-paced environment.

Our speed and scalability are what set us apart; you need to be able to act quickly and think on your feet

You struggle to follow through on ideas.

We value people who do what they say they will. If you care about something, you have the freedom here to make it happen

You don't like change

. You'll get on great here if you relish the ambiguity of rapid growth and are willing to embrace uncertainty

What's in it for you...

-------------------------


We offer a generous mix of benefits for the things that really matter to our people, including:


27 days holiday + bank holidays (some can be flexible) + day off on your birthday + three days (full time) per year for Dependant leave


Two volunteering days per year


Option to work abroad for up to six weeks a year


Secclbrate - our recognition programme that offers a mix of flexible rewards including extra pay, additional holiday and increased learning budget


Length of service award - one month paid sabbatical at eight years


6% employer pension contribution, and life assurance


Private medical insurance with AXA Health


Enhanced Parental leave


MacBook and up to 500 home office set up budget


750 per person learning budget


Health and wellbeing initiatives including free therapy via Wellness Cloud, mental health support via Headspace


Strong financial wellbeing focus including access to Octopus Money, Octopus Share Incentive Plan and will writing offering via Octopus Legacy


Perkbox - Flexi-points giving you a range of discounts and perks including free weekly coffee, gym and retail discounts


Access to initiatives like Cycle to Work and Octopus Electric Vehicle Leasing

Our culture

---------------


We're proud to put people first, creating a culture where we truly listen to what matters most to them. Our transparent and inclusive environment encourages diversity of thought, challenge and experimentation.


Check out our Glassdoor page for the latest reviews or our LinkedIn for company updates and insights from the team.

Interview process

---------------------


Interviewing is a two-way thing, and we want you to have the time and opportunity to get to know us, as much as we are getting to know you. Our interviews are conversational, so come with questions and be curious. In general, you can expect the interview process to look a bit like this, (following an initial chat with one of our Talent team):

Stage 1:

Take-Home technical task We'll send you a brief technical challenge that reflects the type of work we do. To submit your work, we'll invite you to a private

GitHub repository

where you can create a

pull request

with your changes. We respect your time, so we've designed the task to be completed within a

60-90 minute

time-box, and you'll have a few days to complete it at your convenience. Please don't worry about creating a perfect, production-ready solution. We use this task as a practical starting point for our technical conversation in the next stage and are most interested in your

approach and thought process

.

Stage 2:

Technical Discussion & Task Review (60 minutes)

Stage 3:

Bar-raiser culture-based interview (45 minutes)

We'll only close this role once we have enough applications for the next stage. Please submit your application as soon as possible to make sure you don't miss out and you should expect to hear back from us within one to two weeks of applying.


Our aim is to build a diverse and inclusive company of awesome people, with unique skills, passions and experiences. All applicants will be considered for employment without attention to age, ethnicity, religion, sex, sexual orientation, gender identity, family or parental status, national origin, or veteran, neurodiversity or disability status.


If this sounds like your kind of thing, we encourage you to apply even if you don't tick every box.

We'd love to hear from you!

#LI-VS1 #LI-hybrid #LI-remote