DEVSECOPS ENGINEER in Nottingham

Location: Remote | Type: Contract

About Newpage Solutions

Newpage Solutions is a global digital health innovation company helping people live longer, healthier lives. We partner with life sciences organizations—including pharmaceutical, biotech, and healthcare leaders—to build transformative AI and data-driven technologies addressing real-world health challenges. From strategy and research to UX design and agile development, we deliver and validate impactful solutions using lean, human-centered practices. We are proud to be Great Place to Work® certified for three consecutive years, hold a top Glassdoor rating, and were named among the "Top 50 Most Promising Healthcare Solution Providers" by CIO Review. As a remote-first company, we foster creativity, continuous learning, and inclusivity, creating an environment where bold ideas thrive and make a measurable difference in people’s lives. Newpage looks for candidates who are invested in long-term impact. Applications with a pattern of frequent job changes may not align with the values we prioritize.

Your Mission

Newpage is hiring a Staff DevSecOps Engineer to lead the security engineering posture of a strategic engagement with a global top-tier pharmaceutical company. As the technical anchor for the account, you will define how secure software is built, shipped, and operated across the client's cloud estate — spanning AWS, Azure, and GCP workloads — from research and clinical data platforms through to commercial and supply-chain systems. The client's strategic direction leans on AWS, and depth there is a meaningful advantage. You will partner closely with the client's CISO organization, cloud platform team, application teams, and quality and compliance functions to embed security as code into every pipeline. This is a hands-on principal-level role for someone who thrives at the intersection of cloud-native engineering, regulatory rigor, and developer experience.

What You’ll Do

• Set DevSecOps Strategy translate regulatory intent into engineering requirements that teams can implement.
• Mentor and coach Newpage and client engineers; raise the bar on secure coding, threat modeling, and incident response across the account.
• Engineer Security Into the Cloud Estate Design and operate hardened, multi-account or multi-subscription landing zones — AWS Control Tower / Organizations / SCPs / Identity Center (preferred), Azure Landing Zones / Management Groups / Policy, or GCP Organization Policy / Folders — with guardrails enforced as code.
• Build paved-road CI/CD pipelines (GitHub Actions, GitLab CI, AWS CodePipeline, Azure DevOps, or Jenkins) with integrated SAST, DAST, SCA, secrets scanning, IaC scanning, container scanning, and SBOM generation.
• Implement policy-as-code using OPA/Rego, Checkov, and cloud-native equivalents (AWS Config Rules / CloudFormation Guard, Azure Policy, GCP Organization Policy); enforce at pull-request time and in production.
• Operationalize cloud-native security services end-to-end — AWS GuardDuty / Security Hub / Macie / Inspector / IAM Access Analyzer / KMS / Secrets Manager / WAF (primary), with working knowledge of Microsoft Defender for Cloud / Sentinel and GCP Security Command Center.
• Lead Kubernetes and container security across managed offerings (EKS preferred; AKS, GKE accepted), including admission control, image signing (Sigstore/Cosign), runtime threat detection (Falco or equivalent), and Pod Security Standards enforcement.
• Drive supply-chain security to SLSA-aligned maturity: signed builds, attested artifacts, dependency provenance, and verified deploys.
• Own Regulated tune findings, suppress noise, and ensure every signal is actionable.
• Run blameless postmortems for security incidents and near-misses; convert lessons into durable engineering improvements.
• Establish security SLOs and meaningful metrics — mean time to remediate, control coverage, drift, and developer-impacting friction.
• Influence Across Client and Practice Build trust with the client's senior security, platform, and quality leadership; become the person they call before launching a new initiative.
• Contribute to Newpage's internal DevSecOps practice: reusable accelerators, case studies, hiring loops, and the next generation of senior engineers across the company.

What You Bring

• 8+ years of professional experience in security engineering, platform engineering, or SRE, with at least 4 years leading DevSecOps initiatives at scale.
• Deep, current expertise with at least one major public cloud at production scale — AWS is strongly preferred (you have personally designed and operated multi-account environments with 50+ accounts); Azure or GCP at equivalent depth will be considered.
• Working familiarity with at least one additional cloud beyond your primary — enough to design controls that translate cleanly across providers.
• Strong hands-on coding skills in at least one of Python, Go, or TypeScript, and fluency in infrastructure-as-code with Terraform (cloud-agnostic mastery preferred; CDK, Bicep, or Pulumi also welcome).
• Demonstrable experience embedding security into CI/CD pipelines and developer workflows for engineering organizations of 200+ developers.
• Working knowledge of Kubernetes security on at least one managed offering (EKS preferred; AKS or GKE accepted) — including network policy, admission control, and supply-chain controls.
• Track record of operating in a regulated industry — pharma, healthcare, financial services, or critical infrastructure — and translating compliance frameworks into engineering controls.
• Excellent written and verbal communication skills; comfortable presenting to a client CISO one day and pairing with a junior engineer the next.

Nice to have

• Direct experience with pharma or life-sciences workloads: GxP, 21 CFR Part 11, Annex 11, CSV/CSA, pharmacovigilance systems, or clinical data platforms.
• Exposure to threat modeling frameworks (STRIDE, PASTA), MITRE ATT&CK.