DevSecOps Capability Manager

Location: Skipton (Hybrid)

Salary: Competitive + Excellent Benefits

Are you passionate about driving secure, high-performing software delivery at scale? This is a fantastic opportunity to lead and evolve a DevSecOps capability within a forward-thinking organisation, enabling fast, safe, and compliant delivery across multiple engineering teams.

The Role

As the DevSecOps Capability Manager, you'll lead and scale DevSecOps practices across the organisation, embedding secure-by-design principles, modern automation, and policy-as-code into the CI/CD ecosystem. You'll play a pivotal role in improving engineering performance, focusing on DORA metrics such as lead time, deployment frequency, and reliability. This role blends technical leadership, strategy, governance, and hands-on capability development.

What You'll Do

• Value, Flow & Quality
• Own and improve lead time and deployment frequency across platforms
• Publish and act on DORA and flow metrics
• Remove bottlenecks through automation and policy-as-code
• Implement modern deployment strategies (canary, blue/green, auto rollback)
• Drive performance improvements via engineering scorecards
• Leadership & Capability Development
• Lead, coach, and develop a team of DevSecOps Engineers
• Define standards, patterns, and best practices
• Foster a culture of security, automation, and continuous improvement
• Strategy, Governance & Technical Direction
• Set DevSecOps strategy across pipelines and security automation
• Establish governance for CI/CD, IaC, and cloud delivery
• Define observability standards (SLOs, tracing, dashboards)
• Embed security into pipelines (SAST, SCA, DAST, secrets, IaC scanning)
• Govern 'Golden Path' templates and adoption
• Operational Oversight & Risk Management
• Oversee reliability, performance, and security of platforms and pipelines
• Lead vulnerability management and remediation
• Support incident response and post-incident reviews
• Integrate telemetry across Azure ecosystem (Defender, Entra, WAF)
• Collaboration Across Technology
• Act as a senior advisor to engineering, product, and security teams
• Align stakeholders on delivery and security best practice
• Represent DevSecOps in governance forums
• Tooling, Automation & Optimisation
• Own DevSecOps tooling strategy and lifecycle
• Drive automation across testing, security, deployment, and monitoring
• Partner with Cloud and Platform teams
• Own and evolve the Golden Path service catalogue
• Business Continuity & Resilience
• Embed resilience and BCP via policy-as-code
• Ensure audit-ready pipeline outputs
• Run recovery and resilience testing (game days)

What We're Looking For

• Strong leadership and people management experience
• Deep expertise in CI/CD, DevSecOps, and security integration
• Strong cloud, containerisation, and IaC knowledge
• Proven ability to improve DORA and engineering performance metrics
• Experience with observability and monitoring frameworks
• Strong background in security tooling (SAST, SCA, DAST, scanning tools)
• Solid understanding of cloud security, IAM, and zero-trust principles
• Experience working in complex or regulated environments
• Excellent communication and stakeholder management skills

What's In It for You

• Impact: Lead a critical DevSecOps capability in a large-scale organisation
• Flexibility: Hybrid and flexible working options
• Career Growth: Ongoing learning, development, and leadership exposure
• Benefits Package: Annual discretionary bonus, 25 days holiday + bank holidays + holiday trading, Up to 10% matched pension, Private medical insurance, Electric car salary sacrifice scheme, Colleague mortgage benefits, 3 paid volunteering days, Gym discounts & wellbeing support, Inclusive employee networks

Apply today or reach out directly to Charlie Smith for a confidential chat.