Find a job 
Featured Companies 
Featured Universities 
For Companies At a Glance
- Tasks: Lead security integration in development, ensuring compliance and automation in CI/CD pipelines.
- Company: Join Damia Group, a dynamic agency focused on digital transformation and tech innovation.
- Benefits: Enjoy flexible work with 2-3 days onsite and competitive pay of £650 per day.
- Why this job: Be part of a transformative project impacting 90,000 users while enhancing your DevSecOps skills.
- Qualifications: Strong experience in DevSecOps, cloud security, and modern tooling is essential.
- Other info: Active SC clearance required; this role is inside IR35 regulations.
The predicted salary is between 46800 - 78000 £ per year.
**Lead DevSecOps Engineer – 6 month initial contract – £650 per day (INSIDE IR35) – 2-3 days per week onsite (range of locations available)**
Security Clearance: Due to the nature of the work, an active SC clearance is required for this role.
We are looking for a Lead DevSecOps role to join a digital transformation programme. This position is responsible for ensuring that security is built into every part of the development lifecycle, specifically ensuring that security tooling (native and non-native) is properly embedded into CI/CD CI/CD pipelines. The role holder will be part of the transformation programmes including tech debt replacement and migration, embedding security to ensure seamless integration of new systems/ features and workflows.
The Lead DevSecOps role will be responsible for ensuring that the replacement systems are security compliant, adhering to standards such as Secure by Design and GovAssure, utilising a shift left mentality to fix problems before production. This is as part of highly complex legacy replacements involving approximately 90,000 users.
Essential skills and experience:
- Strong hands-on expertise in DevSecOps practices, particularly security automation in CI/CD and infrastructure-as-code pipelines.
- Deep understanding of modern DevOps tooling (e.g., GitHub Actions/ CircleCI, Terraform, Kubernetes, Docker) with secure configurations.
- Experience implementing security controls in cloud-native environments (e.g., AWS or Azure) including IAM, network policies, and container security.
- Proven track record of using tools such as Snyk, Trivy, Checkov, OPA/Gatekeeper/ OWASP ZAP, or similar to enforce pipeline and platform security.
- Familiarity with compliance requirements (e.g., NIST, ISO 27001, CIS Benchmarks) and their implementation via code.
- Ability to lead and mentor teams on secure coding, threat modelling, and secure architecture patterns.
- Experience with monitoring, logging, and security telemetry platforms (e.g., Prometheus, Loki, ELK, XDR/SIEM integrations).
Damia Group Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept our Data Protection Policy which can be found on our website.
Please note that no terminology in this advert is intended to discriminate on the grounds of a person\’s gender, marital status, race, religion, colour, age, disability or sexual orientation. Every candidate will be assessed only in accordance with their merits, qualifications and ability to perform the duties of the job.
Damia Group is acting as an Employment Business in relation to this vacancy and in accordance to Conduct Regulations 2003.
Lead DevSecOps Engineer employer: Damia Group Ltd
Contact Detail:
Damia Group Ltd Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land Lead DevSecOps Engineer
✨Tip Number 1
Familiarise yourself with the specific security tools mentioned in the job description, such as Snyk and Trivy. Having hands-on experience or even personal projects showcasing these tools can set you apart during discussions.
✨Tip Number 2
Highlight your experience with cloud-native environments like AWS or Azure. Be prepared to discuss how you've implemented security controls in these platforms, as this is crucial for the role.
✨Tip Number 3
Demonstrate your leadership skills by preparing examples of how you've mentored teams on secure coding practices. This will show that you not only have the technical skills but also the ability to lead and inspire others.
✨Tip Number 4
Stay updated on compliance requirements like NIST and ISO 27001. Being able to discuss how you've implemented these standards in previous roles will demonstrate your commitment to security best practices.
We think you need these skills to ace Lead DevSecOps Engineer
Some tips for your application 🫡
Tailor Your CV: Make sure your CV highlights your hands-on expertise in DevSecOps practices, particularly focusing on security automation in CI/CD and infrastructure-as-code pipelines. Use specific examples that demonstrate your experience with modern DevOps tooling and cloud-native environments.
Craft a Strong Cover Letter: In your cover letter, emphasise your understanding of compliance requirements and your ability to lead and mentor teams. Mention any relevant certifications or experiences that align with the job description, such as familiarity with NIST or ISO 27001.
Showcase Relevant Projects: If you have worked on projects involving security controls in cloud environments or have used tools like Snyk or OWASP ZAP, make sure to include these in your application. Highlight how you contributed to ensuring security compliance and seamless integration of new systems.
Proofread Your Application: Before submitting, carefully proofread your CV and cover letter for any errors or inconsistencies. A polished application reflects your attention to detail, which is crucial for a role focused on security and compliance.
How to prepare for a job interview at Damia Group Ltd
✨Showcase Your Security Expertise
Make sure to highlight your hands-on experience with security automation in CI/CD pipelines. Be prepared to discuss specific tools you've used, such as Snyk or OWASP ZAP, and how you've implemented security controls in cloud environments like AWS or Azure.
✨Demonstrate Your DevOps Knowledge
Familiarise yourself with modern DevOps tooling, especially GitHub Actions, Terraform, and Kubernetes. During the interview, be ready to explain how you've configured these tools securely and integrated them into your workflows.
✨Discuss Compliance Familiarity
Since compliance is crucial for this role, be prepared to talk about your understanding of standards like NIST or ISO 27001. Share examples of how you've implemented these requirements through code in previous projects.
✨Emphasise Leadership and Mentoring Skills
As a Lead DevSecOps Engineer, you'll need to guide teams on secure coding practices. Be ready to discuss your experience in mentoring others, leading projects, and fostering a culture of security within development teams.
