At a Glance
- Tasks: Lead DevSecOps practices across digital products, ensuring security and compliance.
- Company: Global recruitment specialist with a focus on innovative tech solutions.
- Benefits: Competitive pay rate, hybrid work model, and opportunities for professional growth.
- Other info: Exciting opportunity with potential for career advancement in a supportive environment.
- Why this job: Join a dynamic team and make a real impact in digital transformation for the MOD.
- Qualifications: Proven experience in DevSecOps, CI/CD pipelines, and cloud environments.
The predicted salary is between 60000 - 80000 £ per year.
We are a Global Recruitment specialist that provides support to clients across EMEA, APAC, US and Canada. We have an excellent job opportunity for you.
Location: London or Bristol/Bath (1-day office)
Duration: 31/03/2027
Pay Rate: £671 per day all inc. (PAYE through Umbrella)
Sector: Public
Clearance required: MOD SC
This role requires additional vetting, which means this could take longer than our normal onboarding process. You will require additional vetting for this position.
We are seeking an experienced, client-facing Lead DevSecOps Engineer to drive and coordinate DevSecOps practices across multiple digital products delivered as part of a wider MOD business and digital transformation programme, where the client is the prime Digital Delivery Partner.
Products will be deployed across the MOD digital estate (MODCloud), including MOD’s instances of Microsoft Azure (MODCloud ACE / i-ACE), AWS (MODCloud ICE) and Oracle Cloud Infrastructure (OCI / MODCloud OCE). You will embed security, compliance, and automation into the software delivery lifecycle, ensuring platforms and applications meet stringent security and operational standards.
You will also establish consistent, documented processes used by DevSecOps engineers across each environment, including a coordinated approach for releasing updates across the integrated set of products and platforms in scope.
This role requires deep expertise in CI/CD pipelines, delivery workflows and security tooling across these cloud environments, alongside strong collaboration with developers, DevSecOps engineers, infrastructure engineers and test teams.
Key Responsibilities
- Design, implement, document and continuously improve DevSecOps practices across the delivery teams, including:
- Secure, automated CI/CD pipelines
- Security scanning integrated into build, test, and deployment workflows
- Vulnerability lifecycle management, including allowlist processes and risk acceptance where required
- Secrets management and identity/access management
- Policy enforcement for workloads, container images and infrastructure
- Observability, monitoring, logging and audit controls
- Partner with developers to embed secure-by-design engineering and ensure compliance with MOD security standards.
- Enable and govern Infrastructure as Code (IaC) practices across teams and environments.
- Contribute to incident response, patching cycles and compliance reporting, ensuring lessons learned are captured and actions tracked.
- Document security processes, controls and operational runbooks in Confluence.
Key Skills and Experience
Essential
- Proven experience as a DevSecOps Lead, establishing and operating DevSecOps ways of working and associated tooling across the following areas (hands-on and leading others):
- CI/CD and GitOps (e.g. GitHub Actions, Argo CD, Argo Rollouts)
- Security and compliance tooling (e.g. Trivy scanning and vulnerability management, HashiCorp Vault, cert-manager)
- Containers and orchestration (e.g. Docker, AWS EKS)
- Infrastructure as Code (e.g. Terraform)
- Observability (e.g. Grafana, Loki)
- Scripting and automation (e.g. Python, Bash)
- Cloud and networking fundamentals (e.g. AWS IAM, S3, network policies)
- Experience delivering within the UK Government Digital Service (GDS) lifecycle on a public sector engagement.
- Experience working with and leading distributed and hybrid teams.
- Demonstrated ability to work across cross-functional teams, particularly with developers, testers, and DevSecOps engineers.
- Strong facilitation, communication and stakeholder management skills, with experience influencing at multiple levels.
Highly Desirable
- Experience leading DevSecOps engineering for products hosted on the MOD digital estate, spanning Microsoft Azure (MODCloud ACE / i-ACE), AWS (MODCloud ICE) and Oracle Cloud Infrastructure (OCI / MODCloud OCE).
Clearance: MOD SC (minimum BPSS to start; must be eligible to apply for MOD SC).
Travel: Hybrid role, predominantly remote, with some travel to Client sites (estimated average 1 day per week to London and/or Bristol/Bath; occasionally more during specific delivery phases).
If you are interested in this position and would like to learn more, please send through your CV and we will get in touch with you as soon as possible. Please note, candidates are often shortlisted within 48 hours.
Security Professional in Slough employer: eTeam
As a leading global recruitment specialist, we pride ourselves on fostering a dynamic and inclusive work culture that prioritises employee growth and development. Our London and Bristol/Bath locations offer a unique opportunity to engage in meaningful projects within the public sector, while enjoying the flexibility of a hybrid work model. With competitive pay rates and a commitment to security and compliance, we empower our team members to excel in their roles and contribute to impactful digital transformation initiatives.
StudySmarter Expert Advice🤫
We think this is how you could land Security Professional in Slough
✨Get Active on Cybersecurity Forums
Join platforms like Stack Exchange and Reddit’s r/cybersecurity to hang out with industry pros, learn the latest, and share your insights. This will not only boost your visibility but also help you connect with potential clients who might need your freelance services.
✨Show Off Your Skills with Public Projects
Create a few open-source projects or contribute to existing ones that showcase your cybersecurity skills. Use GitHub to display your work, as this is an excellent way to attract clients looking for freelancers with a proven track record.
✨Attend Local Conferences and Meetups
Make sure to hit up cybersecurity meetups, workshops, and conferences in your area. These events are goldmines for networking, and you’ll often find people looking for freelancers after a chat over a coffee – so come prepared with your business cards and a killer elevator pitch!
✨Market Yourself Smartly
Set up a professional website that showcases your portfolio, expertise, and client testimonials. Optimise it for SEO with relevant keywords so potential clients searching for cybersecurity freelancers can easily find you. Don’t forget to link to your site on all your social media and profiles!
We think you need these skills to ace Security Professional in Slough
Some tips for your application 🫡
Show Your Skills Through a Strong Portfolio:Since you're applying for a freelance role in cybersecurity, it's crucial to showcase your technical skills through a detailed portfolio. Include case studies of projects you've worked on, any security tools you've developed or assessed, and specifics on the methodologies you’ve used. This will help eTeam understand what you're capable of.
Certifications Matter!:Make sure to list any relevant certifications you hold, such as CISSP, CEH, or CompTIA Security+. Freelance clients often value these credentials as they reflect your expertise and commitment to the field. If you’re actively pursuing more certifications, don’t hesitate to mention that too!
Rates, Availability, and Your Work Style:In your application, it’s essential to be clear about your freelance rates and availability. Clients appreciate transparency. Mention how many hours a week you can dedicate and your preferred working hours, as this sets expectations from the start and shows you're organised and professional.
Tailor Your CV to Highlight Cybersecurity Experience:When crafting your CV, make sure to tailor it specifically to cybersecurity. Highlight projects, tasks, and achievements related to security assessments, vulnerabilities you've mitigated, or compliance work you've undertaken. Keywords relevant to the job can grab attention and increase your chances of landing a spot at eTeam.
How to prepare for a job interview at eTeam
✨Showcase Your Cybersecurity Skills
As a freelancer in cybersecurity, it’s crucial we demonstrate not just our knowledge but our practical skills too. Be ready to discuss specific tools you’ve used, like Wireshark or Metasploit, and share relevant experiences where you identified vulnerabilities or mitigated risks in past projects.
✨Prepare Your Portfolio
Unlike traditional roles, freelancing relies heavily on your portfolio. Let’s curate a selection of past work that showcases our best projects. If we’ve handled penetration tests, audits, or incident responses, be sure to highlight these in your portfolio, and share any client testimonials if we have them.
✨Stay Updated on Trends and Tools
Cybersecurity is an ever-evolving field, so we should be prepared to chat about recent developments and how they impact our work. Familiarise ourselves with the latest threats, tools, and frameworks, like MITRE ATT&CK, that are pertinent to the projects we’re pitching.
✨Pitching Your Value as a Freelancer
When freelancing, we often need to negotiate our rates and value propositions. Be ready to explain how our skills can help eTeam protect their assets and manage risks. It can help to outline some potential strategies or improvements we could implement for them based on their current setup.
