DevSecOps Engineer

Overview

Location: Stone, Staffordshire Hybrid working, 2 days a week in our Stone Office

Status: Permanent, Full Time

Package: Competitive Salary, Flexible Working, Development & Opportunity (Personal & Technical), Private Medical (Optical & Dental options), Matching Contributory Pension, 25 Days Leave + Public Holidays + Buy and Sell Scheme, Life Insurance, Referral Scheme, Employee Assistance Program, Benefits Hub.

Who is Instem?

We are a global provider of bespoke industry-leading software solutions and services, which facilitate the pre-clinical and clinical phases of the drug discovery process. We have over fifteen products in our portfolio, used by over 700 pharmaceutical clients (including all the top 25!).

Culture and Environment

For a global business of over 400 staff, we have a family feel. You will be part of a friendly, communal, solution-based, flexible environment, where you will feel empowered, valued and accountable. We will invest in you as a person and encourage you to take part in company-wide workshops for wellbeing, mental health, critical conversations, and strengths.

Role context

This role sits within the Platform Engineering team and works closely with SRE, development teams, and our managed SOC. You will operate in an environment that includes established platforms, legacy patterns, and in-flight migrations, alongside newer cloud-native services. A key part of the role is understanding what exists today, identifying material risks and gaps and leading pragmatic improvements over time. You will be expected to operate with a high degree of autonomy. This is a developing senior role for someone who can gather information, form a clear view of the current state, and advise on priorities and direction without needing a fully defined roadmap. You will influence platform security strategy through evidence, engineering judgement, and collaboration.

What are you responsible for?

• Assess the current security posture of our existing platforms, pipelines and cloud environments
• Gather and synthesise information across teams to build a clear view of current risks, gaps, and constraints
• Lead the definition of pragmatic, prioritised improvements to security maturity over time
• Embed security into platform architecture, infrastructure and CI/CD pipelines across the SDLC
• Introduce and evolve a practical threat modelling approach appropriate to a mixed legacy and cloud native estate
• Design, build and improve secure Azure landing zones and shared platform services
• Ensure migrations from managed data centres into Azure result in measurable security improvements
• Jointly own security monitoring and detection capabilities with the managed SOC, shaping alerts, workflows, and responsibilities
• Own and evolve security guardrails using policy as code and automated controls
• Integrate security testing into delivery pipelines, including code, dependency, container and infrastructure scanning
• Partner with Platform Engineers to define secure by default patterns and reusable components
• Work with SREs to align runtime security, observability, and incident response
• Participate in security incidents and post-incident reviews, driving long term corrective actions
• Enable engineering teams through capture the flag exercises, threat scenarios and hands-on security learning
• Provide clear, evidence-based security advice to platform, architecture and delivery leadership

Skills, Knowledge, Experience

• Strong hands-on experience in DevSecOps, platform security or cloud security engineering
• Background as a software developer, platform engineer, or architect, with a solid understanding of how real systems are built and delivered is a real advantage
• Demonstrable experience working across the full SDLC, including design, development, testing, deployment and operation
• Ability to reason about security in the context of application code, infrastructure and runtime behaviour rather than in isolation
• Deep experience securing Azure environments, with working knowledge of AWS
• Proven experience designing, assessing and evolving secure cloud landing zones
• Practical experience applying threat modelling techniques to both new and existing systems
• Strong experience integrating security controls and testing into CI/CD pipelines
• Solid Infrastructure as Code experience (Terraform, Bicep, ARM, etc.)
• Experience securing containers, Kubernetes, and cloud native workloads
• Familiarity with modern testing practices, including unit, integration, and security testing and how they fit together
• Strong automation and scripting skills (PowerShell, Python, Bash, etc.)
• Experience working alongside managed security providers or SOC teams