DevSecOps Engineer

teyaLondon, London, United Kingdom1w ago

In Office Senior EMEA Payments Fintech Cloud Computing DevOps Engineer Go Bash Python Jenkins Terraform

Upload My Resume

Drop here or click to browse · PDF, DOCX, TXT

Apply in One Click

Requirements

5+ years in security engineering, DevSecOps, or platform engineering with significant security integration experience.
Hands-on experience embedding security into CI/CD (SAST/DAST/SCA, container scanning, secrets detection).
Proficiency with CI/CD platforms (e.g., GitHub Actions, GitLab CI, Jenkins) and IaC (e.g., Terraform).
Strong software engineering and automation skills (Python, Go, Bash, or similar).
Deep cloud-native experience (AWS preferred), including IAM, networking, and logging.
Experience designing and implementing policy-as-code and security guardrails.
Ability to collaborate cross-functionally, balancing security with delivery velocity.
Experience in fintech or regulated environments.
Familiarity with WAF/DDoS tools, Zero Trust, and vulnerability management programmes.
Exposure to SOAR or security automation platforms.
Relevant certifications (AWS Security, Kubernetes Security, GIAC, CISSP, etc.).
Ways of working
Extreme ownership: You take end-to-end responsibility for outcomes, not just findings or tooling output
Pragmatic and delivery-aware: You balance risk reduction with product velocity, focusing on changes that materially reduce risk
Low-ego and collaborative: You build trust with engineers, product, and operations teams, influencing through credibility and partnership
Impact-driven: You measure success through outcomes—risk reduction, adoption, and time-to-remediate—not activity
Data-informed: You use metrics and trends to guide priorities and demonstrate impact
High bar for craft: You produce clear documentation, reusable patterns, and automation that scale across teams
AI-first mindset: You actively look for opportunities to use automation and AI to improve security outcomes

Responsibilities

Security in CI/CD & Delivery Workflows
Integrate and maintain security checks (SAST, DAST, SCA, secrets scanning) into CI/CD pipelines.
Provide fast, actionable, low-noise feedback to developers.
Embed infrastructure and application scanning into automated deployments.
Security Tooling & Platform Engineering
Design, build, and operate internal security services, APIs, CLIs, and automation workflows.
Treat security tooling as a product with clear documentation and support.
Policy-as-Code & Guardrails
Implement and maintain policy-as-code guardrails for IaC, Kubernetes manifests, cloud accounts and identity configurations.
Work with platform teams to define secure defaults and self-service patterns.
Platform Security & Detection Pipelines
Support vulnerability scanning platforms and security telemetry pipelines.
Ensure high-quality structured security data flows to SIEM/log platforms.
Enable automated response actions via integrations and runbooks.
DevSecOps Culture & Enablement
Champion secure engineering practices and a shared responsibility mindset.
Drive enablement activities (office hours, guides, training) to improve adoption of secure patterns.
Contribute to blameless post-incident reviews and continuous improvement.
Automation, AI & Operational Metrics
Leverage automation and AI to reduce manual toil and enrich security findings.
Define and track metrics such as time-to-feedback, signal-to-noise, and tooling adoption.