At a Glance
- Tasks: Lead DevSecOps practices and enhance security across multiple digital products.
- Company: Join a leading tech firm driving digital transformation for major clients.
- Benefits: Competitive daily rate, hybrid work model, and opportunities for professional growth.
- Other info: Collaborative team culture with excellent career advancement potential.
- Why this job: Make a real impact by embedding security in innovative cloud solutions.
- Qualifications: Proven experience in DevSecOps, CI/CD, and cloud environments required.
The predicted salary is between 60000 - 80000 £ per year.
Duration: contract to run until 31/03/2027
Location: Hybrid role. Predominantly remote with visits to Bristol and London for events or team meetings when necessary
Rate: up to £690 p/d
Umbrella inside IR35
Clearance required: SC Clearance Eligibility is essential
We are seeking an experienced, client-facing Lead DevSecOps Engineer to drive and coordinate DevSecOps practices across multiple digital products delivered as part of a wider CLIENT business and digital transformation programme, where Capgemini is the client’s prime Digital Delivery Partner. Products will be deployed across the CLIENT digital estate (CLIENTCloud), including CLIENT’s instances of Microsoft Azure (CLIENTCloud ACE / i-ACE), AWS (CLIENTCloud ICE) and Oracle Cloud Infrastructure (OCI / CLIENTCloud OCE).
You will embed security, compliance and automation into the software delivery lifecycle, ensuring platforms and applications meet stringent security and operational standards. You will also establish consistent, documented processes used by DevSecOps engineers across each environment, including a coordinated approach for releasing updates across the integrated set of products and platforms in scope.
This role requires deep expertise in CI/CD pipelines, delivery workflows and security tooling across these cloud environments, alongside strong collaboration with developers, DevSecOps engineers, infrastructure engineers and test teams.
Key Responsibilities
- Design, implement, document and continuously improve DevSecOps practices across the delivery teams, including:
- Secure, automated CI/CD pipelines
- Security scanning integrated into build, test and deployment workflows
- Vulnerability lifecycle management, including allowlist processes and risk acceptance where required
- Secrets management and identity/access management
- Policy enforcement for workloads, container images and infrastructure
- Observability, monitoring, logging and audit controls
- Partner with developers to embed secure-by-design engineering and ensure compliance with CLIENT security standards.
- Enable and govern Infrastructure as Code (IaC) practices across teams and environments.
- Contribute to incident response, patching cycles and compliance reporting, ensuring lessons learned are captured and actions tracked.
- Document security processes, controls and operational runbooks in Confluence.
Key Skills and Experience
- Proven experience as a DevSecOps Lead, establishing and operating DevSecOps ways of working and associated tooling across the following areas (hands-on and leading others):
- CI/CD and GitOps (e.g. GitHub Actions, Argo CD, Argo Rollouts)
- Security and compliance tooling (e.g. Trivy scanning and vulnerability management, HashiCorp Vault, cert-manager)
- Containers and orchestration (e.g. Docker, AWS EKS)
- Infrastructure as Code (e.g. Terraform)
- Observability (e.g. Grafana, Loki)
- Scripting and automation (e.g. Python, Bash)
- Cloud and networking fundamentals (e.g. AWS IAM, S3, network policies)
- Experience delivering within the UK Government Digital Service (GDS) lifecycle on a public sector engagement.
- Experience working with and leading distributed and hybrid teams.
- Demonstrated ability to work across cross-functional teams, particularly with developers, testers and DevSecOps engineers.
- Strong facilitation, communication and stakeholder management skills, with experience influencing at multiple levels.
Highly Desirable
- Experience leading DevSecOps engineering for products hosted on the CLIENT digital estate, spanning Microsoft Azure (CLIENTCloud ACE / i-ACE), AWS (CLIENTCloud ICE) and Oracle Cloud Infrastructure (OCI / CLIENTCloud OCE).