Senior DevSecOps Engineer

Your Mission

As a Senior Dev Sec Ops  Engineer (Security Tooling & Enablement), you will be responsible for embedding automated security controls and guardrails into our CI/CD pipelines, cloud platforms, and developer workflows. You’ll build and operate internal security tooling and integrations that enable secure delivery at scale—focusing on automation, low-friction developer experience, and high-quality security feedback loops. You will partner closely with platform, cloud, App Sec, and Sec Ops teams to deliver scalable, reliable, and friction-reducing security capabilities across the engineering organisation.

• Integrate and maintain security checks (SAST, DAST, SCA, secrets scanning) into CI/CD pipelines.
• Provide fast, actionable, low-noise feedback to developers.
• Embed infrastructure and application scanning into automated deployments.

• Design, build, and operate internal security services, APIs, CLIs, and automation workflows.
• Apply strong software engineering practices to security tooling (testing, observability, version control).
• Treat security tooling as a product with clear documentation and support.

• Implement and maintain policy-as-code guardrails for IaC, Kubernetes manifests, cloud accounts and identity configurations.
• Work with platform teams to define secure defaults and self-service patterns.

• Support vulnerability scanning platforms and security telemetry pipelines.
• Ensure high-quality structured security data flows to SIEM/log platforms.
• Enable automated response actions via integrations and runbooks.

• Champion secure engineering practices and a shared responsibility mindset.
• Drive enablement activities (office hours, guides, training) to improve adoption of secure patterns.
• Contribute to blameless post-incident reviews and continuous improvement.

• Leverage automation and AI to reduce manual toil and enrich security findings.
• Define and track metrics such as time-to-feedback, signal-to-noise, and tooling adoption.

• 5+ years in security engineering, Dev Sec Ops , or platform engineering with significant security integration experience.
• Hands‑on experience embedding security into CI/CD (SAST/DAST/SCA, container scanning, secrets detection).
• Proficiency with CI/CD platforms (e.g., Git Hub Actions, Git Lab CI, Jenkins) and IaC (e.g., Terraform).
• Strong software engineering and automation skills (Python, Go, Bash, or similar).
• Deep cloud-native experience (AWS preferred), including IAM, networking, and logging.
• Experience designing and implementing policy-as-code and security guardrails.
• Ability to collaborate cross‑functionally, balancing security with delivery velocity.

• Experience in fintech or regulated environments.
• Familiarity with WAF/DDoS tools, Zero Trust, and vulnerability management programmes.
• Exposure to SOAR or security automation platforms.
• Relevant certifications (AWS Security, Kubernetes Security, GIAC, CISSP, etc.).

• Extreme ownership:
  You take end‑to‑end responsibility for outcomes, not just findings or tooling output
• Pragmatic and delivery‑aware:
  You balance risk reduction with product velocity, focusing on changes that materially reduce risk
• Low‑ego and collaborative:
  You build trust with engineers, product, and operations teams, influencing through credibility and partnership
• Impact‑driven:
  You measure success through outcomes—risk reduction, adoption, and time‑to‑remediate—not activity
• Data‑informed:
  You use metrics and trends to guide priorities and demonstrate impact
• High bar for craft:
  You produce clear documentation, reusable patterns, and automation that scale across teams
• AI‑first mindset:
  You actively look for opportunities to use automation and AI to improve security outcomes

• We trust you, so we offer flexible working hours, as long it suits both you and your team;
• Health Insurance;
• Physical and mental health support through our partnership with MyFitness;
• 25 days of Annual leave (+ Bank Holidays);
• Possibility to visit…