DevSecOps Architect

Multiverse is the upskilling platform for AI and Tech adoption. We have partnered with 1,500+ companies to deliver a new kind of learning that transforms today’s workforce. Our upskilling apprenticeships are designed for people of any age and career stage to build critical AI, data, and tech skills. Our learners have driven $2bn+ ROI for their employers, using the skills they’ve learned to improve productivity and measurable performance.

In June 2022, we announced a $220 million Series D funding round co-led by StepStone Group, Lightspeed Venture Partners and General Catalyst. With a post-money valuation of $1.7bn, the round makes us the UK’s first EdTech unicorn. We have ambitious plans to continue scaling with a strong operational footprint and 800+ employees. We are building a world where tech skills unlock people’s potential and output.

We are looking for a DevSecOps Architect to join our Information Security team. In this role, you will be a collaborative and strategic partner to our engineering teams, helping design the automation that enables us to ship secure code at velocity. You will advocate for a "Security by Design" culture, ensuring that robust security practices are seamlessly integrated into the fabric of our product development processes.

We are committed to building a diverse and inclusive team. We believe that different perspectives and backgrounds are what make our company and our products stronger.

What You’ll Be Doing

• Your goal is to architect and build a frictionless security environment where the secure path is the easiest path for our developers.
• Architect Automated Security Pipelines: Partner with the Platform team to design and implement advanced automated security controls (SAST, DAST, SCA) within our CI/CD pipelines, providing engineers with rapid, high-fidelity feedback.
• Infrastructure and Policy as Code: You will guide the security architecture for our AWS environment by treating infrastructure as software enabling secure and scalable deployments and ensure automated compliance.
• Threat Detection Engineering: Engineer advanced threat detection capabilities by integrating platform logs and event data (including RabbitMQ) into our SIEM (Google Security Operations). You will develop and tune YARA-L rules to proactively identify and respond to threats.
• Collaborative Design and Threat Modelling: Partner with engineering squads during the design phase of new features, facilitating collaborative threat modelling sessions to build security in from the start.
• Developer Enablement: Create feedback loops that deliver security insights directly into developer workflows (e.g., automated PR comments), enabling teams to self-remediate and learn continuously.

What You Will Bring

We are looking for a pragmatic architect who combines technical expertise with a passion for enabling engineering excellence. You do not need to meet every single point below to apply. If you are passionate about security automation and modern, AI-driven engineering practices, we want to hear from you.

• Core Skills and Experience:
• Cloud Security Architecture: Experience designing secure, scalable architectures on cloud platforms. (We use AWS, but if you have strong experience in GCP or Azure, we are happy to support your transition).
• Infrastructure as Code: Experience securing Terraform codebases and building secure modules for other teams to use.
• CI/CD Orchestration: Experience with modern pipelines (e.g., CircleCI, GitHub Actions, or GitLab) and integrating security steps.
• Automation Engineering: Ability to write script and code (e.g., Python, Typescript) to build integrations and tooling.
• Modern Detection Engineering: An interest in or experience with modern detection engineering (e.g., Google Chronicle, YARA-L, or similar SIEM tools).
• Architecture Patterns: Familiarity with securing API-first and Event-Driven Architectures.
• Incident Response and Operations: Participate in the team’s on-call rotation, including out-of-hours coverage to support platform availability and security. We strive to keep our rotation sustainable and low-noise to respect your work-life balance. You will assist in troubleshooting critical issues, lead the response for security-specific incidents. Crucially, we believe in a blameless culture, so you will drive post-mortems focused on learning and preventing recurrence.
• Ambiguity: You thrive in ambiguous and fast-changing environments, and know how to make progress even when requirements are evolving.

Bonus points if you have:

• Experience with automated policy enforcement.
• Familiarity with functional programming concepts or Elixir (our core backend language).
• Familiarity with securing AI/ML pipelines or services.
• Experience implementing SCA (Software Composition Analysis).
• A pragmatic approach: You focus on high-impact security wins that support business agility rather than "security for security’s sake."

About Certifications

We value practical experience and a willingness to learn over specific acronyms. While certifications like CISSP, CISM, or AWS Security are a bonus, they are not required to join our team.

Benefits

• Time off - 27 days holiday, plus 5 additional days off: 1 life event day, 2 volunteer days, 2 company-wide wellbeing days (M-Powered Weekend) and 8 bank holidays per year.
• Health & Wellness - private medical Insurance with Bupa, a medical cashback scheme, life insurance, gym membership & wellness resources through Wellhub and access to Spill - all in one mental health support.
• Hybrid work offering - for most roles we collaborate in the office three days per week with the exception of Coaches and Instructors who collaborate in the office once a month.
• Work-from-anywhere scheme - you’ll have the opportunity to work from anywhere, up to 10 days per year.
• Space to connect: Beyond the desk, we make time for weekly catch-ups, seasonal celebrations, and have a kitchen that’s always stocked!

Our Commitment to Diversity, Equity and Inclusion

We’re an equal opportunities employer. And proud of it. Every applicant and employee is afforded the same opportunities regardless of race, colour, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender, gender identity or expression, or veteran status. This will never change.

Our Commitment to Safeguarding

Multiverse is committed to safeguarding and promoting the welfare of our learners. We expect all employees to share this commitment and adhere to our Safeguarding Policy, our Prevent Policy and all other Multiverse company policies. Successful applicants will be required to undertake at least a Basic check via the Disclosure Barring Service (DBS). For roles that will involve a Regulated Activity, successful applicants must also undergo an Enhanced DBS check, including a Children’s Barred List check and a Prohibition Order check. Roles involving Regulated Activity may interact with vulnerable groups, therefore are exempt from the Rehabilitation of Offenders Act 1974 meaning applicants are required to declare any convictions, cautions, reprimands, and final warnings. Providing false information is an offence and could result in the application being rejected or summary dismissal if the applicant has been selected, and possible referral to the police and the DBS.