Senior DevSecOps Engineer

Your Mission As a Senior DevSecOps Engineer (Security Tooling & Enablement), you will be responsible for embedding automated security controls and guardrails into our CI/CD pipelines, cloud platforms, and developer workflows. You'll build and operate internal security tooling and integrations that enable secure delivery at scale—focusing on automation, low-friction developer experience, and high-quality security feedback loops. You will partner closely with platform, cloud, AppSec, and SecOps teams to deliver scalable, reliable, and friction-reducing security capabilities across the engineering organization.

Responsibilities

• Security in CI/CD & Delivery Workflows: Integrate and maintain security checks (SAST, DAST, SCA, secrets scanning) into CI/CD pipelines. Provide fast, actionable, low-noise feedback to developers. Embed infrastructure and application scanning into automated deployments.
• Security Tooling & Platform Engineering: Design, build, and operate internal security services, APIs, CLIs, and automation workflows. Apply strong software engineering practices to security tooling (testing, observability, version control). Treat security tooling as a product with clear documentation and support.
• Policy-as-Code & Guardrails: Implement and maintain policy-as-code guardrails for IaC, Kubernetes manifests, cloud accounts and identity configurations. Work with platform teams to define secure defaults and self-service patterns.
• Platform Security & Detection Pipelines: Support vulnerability scanning platforms and security telemetry pipelines. Ensure high-quality structured security data flows to SIEM/log platforms. Enable automated response actions via integrations and runbooks.
• DevSecOps Culture & Enablement: Champion secure engineering practices and a shared responsibility mindset. Drive enablement activities (office hours, guides, training) to improve adoption of secure patterns. Contribute to blameless post-incident reviews and continuous improvement.
• Automation, AI & Operational Metrics: Leverage automation and AI to reduce manual toil and enrich security findings. Define and track metrics such as time-to-feedback, signal-to-noise, and tooling adoption.

Requirements

• 5+ years in security engineering, DevSecOps, or platform engineering with significant security integration experience.
• Hands-on experience embedding security into CI/CD (SAST/DAST/SCA, container scanning, secrets detection).
• Proficiency with CI/CD platforms (e.g., GitHub Actions, GitLab CI, Jenkins) and IaC (e.g., Terraform).
• Strong software engineering and automation skills (Python, Go, Bash, or similar).
• Deep cloud-native experience (AWS preferred), including IAM, networking, and logging.
• Experience designing and implementing policy-as-code and security guardrails.
• Ability to collaborate cross-functionally, balancing security with delivery velocity.

Nice-to-Haves

• Experience in fintech or regulated environments.
• Familiarity with WAF/DDoS tools, Zero Trust, and vulnerability management programmes.
• Exposure to SOAR or security automation platforms.
• Relevant certifications (AWS Security, Kubernetes Security, GIAC, CISSP, etc.).

Ways of Working

• Extreme ownership: You take end-to-end responsibility for outcomes, not just findings or tooling output.
• Pragmatic and delivery-aware: You balance risk reduction with product velocity, focusing on changes that materially reduce risk.
• Low-ego and collaborative: You build trust with engineers, product, and operations teams, influencing through credibility and partnership.
• Impact-driven: You measure success through outcomes – risk reduction, adoption, and time-to-remediate – not activity.
• Data-informed: You use metrics and trends to guide priorities and demonstrate impact.
• High bar for craft: You produce clear documentation, reusable patterns, and automation that scale across teams.
• AI-first mindset: You actively look for opportunities to use automation and AI to improve security outcomes.

The Perks

• We trust you, so we offer flexible working hours, as long it suits both you and your team.
• Health Insurance.
• Physical and mental health support through our partnership with MyFitness.
• 25 days of Annual leave (+ Bank Holidays).
• Possibility to visit other Teya offices to meet colleagues in instances when travel is safe and appropriate.
• Friday lunch in the office.
• Friendly, comfortable and high-end work equipment and informal office environment.
• Hybrid work mode policy.

Teya is proud to be an equal opportunity employer. We are committed to creating an inclusive environment where everyone regardless of race, ethnicity, gender identity or expression, sexual orientation, age, disability, religion, or background can thrive and do their best work. We believe that a diverse team leads to better ideas, stronger outcomes, and a more supportive workplace for all. If you require any reasonable adjustments at any stage of the recruitment process whether for interviews, assessments, or other parts of the application - we encourage you to let us know. We are committed to ensuring that every candidate has a fair and accessible experience with us.