to join our team and drive the integration of security into our DevOps processes. The ideal candidate will have hands-on experience with cloud and container security, automated security testing, infrastructure-as-code, and continuous integration/continuous deployment (CI/CD) pipelines. This role focuses on embedding security practices throughout the software development lifecycle, ensuring robust, scalable, and secure delivery of applications.
Key Responsibilities
Implement and manage CI/CD pipelines with integrated security controls.
Conduct SAST, DAST, and SCA scans to identify vulnerabilities early in the development lifecycle.
Define, enforce, and monitor quality gates to ensure secure code delivery.
Perform penetration testing and provide actionable remediation recommendations.
Develop and maintain Infrastructure as Code (IaC) using Terraform, Ansible, or CloudFormation.
Implement and enforce cloud security best practices across AWS, Azure, or GCP.
Ensure container security for Docker and Kubernetes environments.
Implement and manage secrets management solutions to safeguard sensitive information.
Set up monitoring and logging to proactively detect and respond to security threats.
Conduct threat modeling and risk assessments for applications and infrastructure.
Advocate and enforce secure coding practices among development teams.
Build auto-remediation processes for identified vulnerabilities to reduce manual intervention.
Required Skills & Experience
Strong hands-on experience in DevSecOps practices.
Expertise with CI/CD tools (Jenkins, GitLab CI, CircleCI, etc.).
Experience with SAST, DAST, and SCA tools (e.g., SonarQube, Fortify, Checkmarx).
Proficiency in Infrastructure as Code tools: Terraform, Ansible, CloudFormation.
Knowledge of cloud security principles and best practices (AWS, Azure, GCP).
Experience in container security for Docker and Kubernetes.
Familiarity with secrets management tools (HashiCorp Vault, AWS Secrets Manager).
Understanding of monitoring, logging, and alerting frameworks.
Experience in threat modelling and vulnerability assessments.
Strong understanding of secure coding principles and software security standards.
Knowledge of auto-remediation techniques for security issues.
Job Type: Fixed term contract
Contract length: 6 months
Pay: 350.00-400.00 per day
Experience:
DevSecOps: 4 years (required)
End-to-end secure design: 4 years (required)
CI/CD: 3 years (required)
SAST / DAST / SCA: 3 years (required)
Penetration Testing: 2 years (required)
Terraform / Ansible / CloudFormation: 3 years (required)
Cloud Security: 2 years (required)
Threat Modeling: 2 years (required)