DevSecOps Engineer - Remote (UK)
Job description
We're looking for a Senior DevSecOps Engineer to join our DevSecOps team, reporting to the Squad Engineering Manager (SEM) and working closely with product engineering squads and platform teams. The role is Node.js-heavy and initially focused on authentication: completing our migration from a legacy auth system to Auth0, moving M2M clients to Private Key JWT (with client-credentials fallback where needed), and automating customer onboarding (keys/JWKs and SSO enablement). It's a hands-on opportunity to ship high-impact security work that directly unblocks delivery.
The DevSecOps team partners across the business to make secure-by-default the easiest path - through guardrails, self-service tooling, and CI/CD enablement. We're a collaborative, remote-first group with clear objectives: land the Auth0 rollout, deprecate legacy auth safely, and introduce scope-based, fine-grained access controls across our API and UI. You'll help us deliver these programmes while strengthening our platform security posture and accelerating product teams.
Responsibilities
- Designing, building, and maintaining production-grade Node.js integrations, CLIs, and automation surrounding our Auth0 identity platform.
- Leading firm-by-firm migrations to Auth0, implementing robust cutover strategies using feature flags, canaries, and detailed rollback plans.
- Architecting and automating customer onboarding processes, including keypair/CSR handling, JWK publishing, and SSO connection setup.
- Utilising Infrastructure as Code (Terraform) and CI/CD (GitHub Actions) to manage Auth0 configuration and ensure safe, repeatable deployments.
- Implementing comprehensive observability for authentication paths with structured logs, monitoring dashboards, alerts, and SLOs.
- Collaborating closely with product, engineering, and support teams on migration timelines, communications, and incident response.
We're proud to put people first, creating a culture where we truly listen to what matters most to them. Our transparent and inclusive environment encourages diversity of thought, challenge and experimentation.
Interview process
Interviewing is a two-way thing, and we want you to have the time and opportunity to get to know us, as much as we are getting to know you. Our interviews are conversational, so come with questions and be curious. In general, you can expect the interview process to look a bit like this, following an initial chat with one of our Talent team:
- Stage 1: Take-Home technical task - We'll send you a brief technical challenge that reflects the type of work we do. To submit your work, we'll invite you to a private GitHub repository where you can create a pull request with your changes. The task is designed to be completed within a 60-90 minute time-box and you'll have a few days to complete it at your convenience.
- Stage 2: Technical Discussion & Task Review (60 minutes)
- Stage 3: Bar-raiser culture-based interview (45 minutes)
We'll only close this role once we have enough applications for the next stage. Please submit your application as soon as possible to make sure you don't miss out, and you should expect to hear back from us within one to two weeks of applying.
Requirements
- Proficiency in Node.js, with proven experience building production services or CLIs with robust testing, error handling, and secure coding practices.
- Strong experience with Infrastructure as Code (Terraform) and CI/CD (GitHub Actions) for automating cloud and identity configurations, including secure secrets management.
- Solid understanding of core AWS services relevant to modern authentication patterns, such as API Gateway, Lambda authorisers, and CloudWatch.
- A commitment to observability, with hands-on experience implementing structured logging, dashboards, and SLOs for critical services.
- Excellent collaboration skills, demonstrated through participation in design reviews, pairing, and writing clear technical documentation (e.g., runbooks, ADRs).
- Experience with enterprise SSO (OIDC/SAML), SCIM provisioning, and proficiency in TypeScript are highly desirable.
Benefits & conditions
- 27 days holiday + bank holidays (some can be flexible) + day off on your birthday + three days (full time) per year for Dependant leave
- Two volunteering days per year
- Option to work abroad for up to six weeks a year
- Secclbrate - our recognition programme that offers a mix of flexible rewards including extra pay, additional holiday and increased learning budget
- Length of service award - one month paid sabbatical at eight years
- 6% employer pension contribution, and life assurance
- Private medical insurance with AXA Health
- Enhanced Parental leave
- MacBook and up to £500 home office set up budget
- £750 per person learning budget
- Health and wellbeing initiatives including free therapy via Wellness Cloud, mental health support via Headspace
- Strong financial wellbeing focus including access to Octopus Money, Octopus Share Incentive Plan and will writing offering via Octopus Legacy
- Perkbox - Flexi-points giving you a range of discounts and perks including free weekly coffee, gym and retail discounts
- Access to initiatives like Cycle to Work and Octopus Electric Vehicle Leasing