DevSecOps Engineer
About the Role
We are looking for a hands-on DevSecOps Engineer to own our end-to-end vulnerability management
process and drive security across our cloud-native platform. This is a technical, ownership-heavy role
sitting at the intersection of security engineering and platform engineering.
You will be responsible for identifying, triaging, remediating, and reporting on vulnerabilities across our
application stack, container images, and cloud infrastructure. You will work closely with our Compliance
Manager to ensure our security posture meets compliance requirements and that risk is understood,
documented, and managed appropriately.
This is not a monitoring-only role. We expect you to roll up your sleeves, open pull requests, fix Dockerfiles,
bump package versions, modify CI/CD pipelines, and own the fix through to deployment and verification.
What You Will Be Doing
Vulnerability Management
Own the end-to-end vulnerability management lifecycle - discovery, triage, prioritisation, remediationtracking, and closure
Manage and maintain the vulnerability backlog, ensuring SLAs are tracked and metTriage findings from automated scanning tools and apply contextual risk judgement - not every criticalCVE is equally critical in every context
Produce regular vulnerability reports and risk dashboards for internal stakeholders and theCompliance Manager
Document risk acceptance decisions, mitigating controls, and remediation timelinesVulnerability Remediation
Remediate vulnerabilities directly - bumping dependency versions in package manifests (npm, pip,Maven, Go modules etc.), updating base images, fixing misconfigurations
Update and harden Dockerfiles - base image selection, multi-stage builds, non-root users, minimalattack surface
Work within our Git-based workflow - raise PRs, participate in code review, deploy and verify your ownfixes end to end
1
Container & Application Security
Integrate and maintain container image scanning in CI/CD pipelines (Trivy, Snyk, Grype or equivalent)Integrate Software Composition Analysis (SCA) and Static Application Security Testing (SAST) tooling intopipelines
Define and enforce quality gates that prevent vulnerable or non-compliant images from reachingproduction
Identify vulnerable third-party dependencies and work through remediation with engineering teamsKubernetes & AWS EKS Security
Harden and maintain the security configuration of our AWS EKS clustersImplement and maintain Kubernetes RBAC, Pod Security Standards, Network Policies, and admissioncontrols
Manage secrets securely - AWS Secrets Manager, External Secrets Operator, or equivalentEnsure IAM roles for service accounts (IRSA) are correctly scoped and maintainedMonitor and respond to runtime security events using tooling such as FalcoCloud Infrastructure Security
Maintain and improve AWS security posture across the platformWork with AWS-native security tooling - Security Hub, GuardDuty, Inspector, IAM Access AnalyzerIdentify and remediate misconfigurations in Infrastructure as Code (Terraform, Helm)Apply least-privilege principles consistently across IAM, service accounts, and workload identitiesCI/CD Pipeline Security
Own and evolve the security gates within our CI/CD pipelinesImplement automated scanning for containers, dependencies, IaC, and secretsEnsure pipelines enforce policy as code - fail fast on critical findingsBe comfortable modifying pipeline configuration (GitHub Actions, GitLab CI or equivalent) to introduceor improve security controls
Compliance & Risk
Work alongside the Compliance Manager to translate technical vulnerability findings into compliancerelevant language and evidenceProduce and maintain risk assessments for identified vulnerabilities and infrastructure risksContribute to audit evidence collection and compliance reporting cyclesSupport the maintenance of security policies and standards documentation2
What We Are Looking For
Essential Skills & Experience
4+ years of experience in a DevSecOps, Cloud Security, or Security-focused SRE roleDemonstrable hands-on experience with vulnerability management - not just tooling but owningthe full lifecycle
Strong experience with container security - image scanning, Dockerfile hardening, base imagemanagement
Real-world AWS EKS and Kubernetes security experience - RBAC, Network Policies, Pod SecurityStandards, admission controllers, IRSA
Confident working with AWS security services - Security Hub, GuardDuty, Inspector, IAM, KMS, ECRExperience integrating security tooling into CI/CD pipelines and defining security quality gatesAbility to make direct code and configuration changes - comfortable opening PRs to fix dependencyversions, Dockerfiles, and IaC
Understanding of CVSS scoring, exploitability context, and risk-based prioritisationExperience writing or contributing to risk assessments and risk acceptance documentationStrong communication skills - able to translate technical findings for a compliance or non-technicalaudience
Desirable Skills & Experience
Experience with Kubernetes policy engines - Kyverno, OPA/GatekeeperExperience with runtime security tooling such as FalcoFamiliarity with GRC or compliance platforms - Drata, Vanta, or similarExperience with secrets management tooling - External Secrets Operator, HashiCorp Vault, AWSSecrets Manager
AWS certifications - Security Specialty, Solutions Architect, or equivalentExposure to compliance frameworks - SOC 2, ISO 27001, CIS BenchmarksTechnologies You Will Work With
Area Tools / Technologies
Vulnerability Scanning Trivy, Snyk, Grype, AWS Inspector, Dependabot
SAST / SCA Snyk Code, Semgrep, Checkov, KICS
3
Area Tools / Technologies
Kubernetes Security Falco, Kyverno, OPA/Gatekeeper, kube-bench
AWS Security Security Hub, GuardDuty, IAM Access Analyzer, KMS, ECR
CI/CD GitHub Actions, GitLab CI, ArgoCD or Flux
Infrastructure as Code Terraform, Helm
Secrets Management AWS Secrets Manager, External Secrets Operator
Ticketing / Reporting Jira, and a GRC platform
What We Offer
A genuinely ownership-heavy role - you will drive security decisions, not just implement themClose collaboration with engineering, platform, and compliance teamsA modern, cloud-native stack built on AWS EKSA culture that treats security as an engineering problem, not a checkboxCompetitive salary and benefits package[Add your specific benefits here]How to Apply
We are an equal opportunities employer and welcome applications from all backgrounds
JR013703