At a Glance
- Tasks: Join agile teams to embed security in software delivery and conduct hands-on threat modelling.
- Company: Sanderson G&D is a fast-growing Cyber Security consultancy focused on secure digital services for the UK Government.
- Benefits: Enjoy remote work options, significant autonomy, and long-term career progression in a supportive environment.
- Why this job: Make a real-world impact by shaping the security of vital digital services and influencing best practices.
- Qualifications: Hands-on experience in application and cloud security, with proficiency in Python and familiarity with CI/CD environments.
- Other info: Must hold active SC clearance; this role offers a unique opportunity to lead security initiatives.
The predicted salary is between £48,000 and £72,000 per year.
DevSecOps Engineer – Defence
Overview
An experienced DevSecOps Engineer is required to support defence-focused projects, driving best practice across secure software delivery, cloud platforms, and deployment automation. The role focuses on improving the speed, reliability, and security of systems throughout the full software development lifecycle.
This position works with modern DevSecOps, cloud, and SRE practices in complex, security-critical environments.
The Role
The DevSecOps Engineer will design, build, and maintain secure CI/CD pipelines and cloud infrastructure, supporting both development teams and live operational systems. The role combines hands-on technical delivery with collaboration across engineering, security, and product teams.
Key responsibilities include:
• Managing code releases and automated deployments
• Applying SRE principles to improve system reliability and uptime
• Supporting and troubleshooting live systems
• Working closely with developers, security architects, and quality engineers
• Coaching team members on DevSecOps best practice
Skills & Experience
Essential
• Experience in DevSecOps or similar roles
• Strong experience with AWS (Azure or GCP beneficial)
• CI/CD tooling (e.g. GitLab CI/CD)
• Infrastructure as Code (e.g. Terraform, Ansible, Puppet)
• Containerisation and orchestration (Docker, Kubernetes)
• Linux and scripting
• Secure development and vulnerability management
• Monitoring and observability tools (e.g. Prometheus, Grafana, Elastic)
Beneficial
• Cyber security tooling (e.g. Tenable, SonarQube, IDAM solutions)
• Microservices, serverless, APIs, and event-driven architectures
• GPU or edge computing environments
• Automation languages such as Python or Rust
• Experience in defence or highly regulated environments
Working Style
The successful candidate will be proactive, collaborative, and comfortable working across multidisciplinary teams. Strong communication skills and a continuous improvement mindset are essential.
Hybrid working is supported, with collaboration taking place across UK offices and client sites as required.
Security Clearance
Due to the nature of the work, candidates must be eligible for SC clearance. This requires British citizenship and UK residency for the relevant period.
DevSecOps Engineer employer: Sanderson Government & Defence
Contact Details:
Sanderson Government & Defence Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land the DevSecOps Engineer role
✨Tip Number 1
Familiarise yourself with the specific tools mentioned in the job description, such as Burp Suite, ZAP, and Nessus. Having hands-on experience or even a solid understanding of these tools will help you stand out during discussions with the hiring team.
✨Tip Number 2
Engage with the DevSecOps community online. Join forums, attend webinars, or participate in relevant discussions on platforms like LinkedIn. This not only helps you stay updated on industry trends but also allows you to network with professionals who might provide insights or referrals.
✨Tip Number 3
Prepare to discuss your experience with cloud-native platforms like AWS and Azure. Be ready to share specific examples of how you've integrated security into CI/CD pipelines, as this will demonstrate your practical knowledge and ability to apply security principles effectively.
✨Tip Number 4
Showcase your ability to communicate security concepts in a developer-friendly manner. Think of ways to explain complex security issues simply, as this skill is crucial for engaging engineering teams and fostering a collaborative environment.
Some tips for your application 🫡
Understand the Role: Read the job description thoroughly to grasp the specific requirements and responsibilities of the DevSecOps Engineer position. Highlight your relevant experience in application security, cloud security, and CI/CD environments.
Tailor Your CV: Customise your CV to reflect your hands-on expertise in application and cloud security. Include specific examples of your experience with threat modelling, security testing, and using tools like Burp Suite and ZAP.
Craft a Compelling Cover Letter: Write a cover letter that showcases your passion for embedding security into the software development lifecycle. Mention how your skills align with the company's mission to deliver secure digital services for the UK Government.
Highlight Relevant Skills: In your application, emphasise your proficiency in Python or similar languages, as well as your familiarity with tools like Splunk. Make sure to mention your ability to engage engineering teams in a practical manner.
How to prepare for a job interview at Sanderson Government & Defence
✨Showcase Your Technical Skills
Be prepared to discuss your hands-on experience with application and cloud security, especially within CI/CD environments. Highlight specific tools you've used, such as Burp Suite or Nessus, and be ready to explain how you've applied them in real-world scenarios.
✨Understand the Role of Security in SDLC
Demonstrate your understanding of integrating security into the software development lifecycle. Discuss how you can shift security left and provide examples of how you've guided engineering teams in secure design practices.
✨Engage with Practical Examples
Prepare to share practical examples of threat modelling and security testing you've conducted. This could include discussing specific APIs you've tested or how you've collaborated with DevOps teams to harden cloud environments.
✨Familiarity with Tools and Technologies
While familiarity with Splunk is a plus, showing a willingness to learn new tools is equally important. Be ready to discuss your proficiency in Python or similar languages and how you've used developer tooling like GitHub in your previous roles.