Senior DevSecOps Engineer

On behalf of The Ministry of Justice we are looking for a Senior DevSecOps Engineer (Inside IR35) for a 6 month contract. Hybrid working based in any UK MOJ office.

The Ministry of Justice (MoJ) priorities include improving public safety and reducing reoffending by reforming prisons, probation and youth justice, and building a justice system which makes access to justice swifter and more certain for all citizens whatever their background. Project professionals in the MoJ help to improve the government's ability to protect the public and reduce reoffending, and to provide a more effective, transparent and responsive criminal justice system for victims and the public.

This role sits within The AppSec Team within the Office of the CTO. Part of their responsibility is to help teams build secure pipelines and automation security testing.

As a Senior DevSecOps Engineer your main responsibilities will be to:

• Manage, maintain, and continuously improve centralised CI/CD pipelines for SCA, SAST, and DAST security scanning across engineering teams.
• Collaborate with ALB and internal stakeholders to define, implement, and enforce organisation-wide security engineering standards and best practices.
• Support the identification, triage, and mitigation of vulnerabilities across the organisation's platforms, applications, and infrastructure.
• Provide technical guidance to engineering teams to ensure secure development and deployment practices are embedded within delivery pipelines.
• Monitor and respond to security findings generated by automated tools, ensuring timely remediation and risk reduction.
• Stay up to date with emerging security vulnerabilities, mitigations, Indicators of Compromise (IoCs), and Proofs of Concept (PoCs), translating relevant intelligence into actionable improvements within the DevOps and security ecosystem.

Essential:

• An active SC Clearance is an essential requirement for this role, as a minimum you must be willing & eligible to undergo checks.
• Proven experience implementing secure-by-design principles across engineering teams, aligned to enterprise security standards, policies, and frameworks.
• Strong hands-on expertise with DevSecOps practices, including embedding security controls within CI/CD pipelines (e.g. SAST, DAST, dependency scanning, IaC scanning, secrets detection).
• Demonstrated ability to enable secure delivery of cloud-native services, with solid understanding of major cloud platforms and enterprise security architectures.
• Experience leading threat modelling and cyber risk assessments, with the ability to identify, evaluate, and manage risks in line with organisational risk appetite.
• Working knowledge of security assurance activities, such as Infrastructure/IT Health Checks (ITHCs), and a track record of driving remediation and improving security posture.
• Experience collaborating with engineering and security operations (SOC) teams to implement effective logging, monitoring, and alerting for security events.
• Strong understanding of vulnerability management processes, including triage, prioritisation, remediation coordination, and validation of fixes across systems.
• Ability to develop and maintain reusable security standards, patterns, and guidance, enabling scalable and consistent adoption across multiple teams.
• Excellent stakeholder engagement and influencing skills, with the ability to work across multidisciplinary teams and functions.
• Passion for promoting a strong security culture, including mentoring engineers and sharing best practices within wider cyber and digital communities.

Please be aware that this role can only be worked within the UK and not Overseas.

Disability Confident: As a member of the Disability Confident Scheme, MOJ guarantees to interview all candidates who have a disability and who meet all the essential criteria for the vacancy. In cases where we have a high volume of candidates who have a disability who meet all the essential criteria, we will interview the best candidates from within that group. This scheme encourages candidates with a disability and/or neurodivergence to apply.

Armed Forces Covenant: The Ministry of Justice guarantees to interview veterans or spouses/partners of military personnel who meet all the essential criteria for the vacancy. In cases where we have a high volume of ex-military candidates/military spouses or partners, who meet all the essential criteria, we will interview the best candidates from within that group.

In applying for this role, you acknowledge the following: this role falls in scope of the Off Payroll Working in the Public Sector legislation. Any rates of payment quoted will reflect the gross rate per day for the assignment and will be subject to appropriate taxes and statutory costs. As such the payment to the intermediary and your income resulting from this contract will be different.