DevSecOps Security Engineer
Role details
Job location
Tech stack
Job description
We are seeking a DevSecOps Security Engineer to help elevate security across cloud platforms, delivery tooling, and production environments. You'll play a central role in embedding modern defensive practices, advancing automation, and strengthening engineering resilience across the organisation.
This position requires being on-site in Cambridge three days per week, so applicants should be comfortable with a regular hybrid working pattern.
Platform Security & Automation
-
Introduce protective validation steps throughout software delivery workflows, covering code quality, open-source components, and container images.
-
Engineer automated mechanisms that streamline compliance reporting and reduce operational overhead.
-
Enforce policy-driven safeguards within infrastructure deployment processes.
-
Improve credential management approaches and mature access governance practices. Exposure Management & Technical Controls
-
Assist in reviewing weaknesses across applications and infrastructure and support risk-based prioritisation.
-
Partner with engineering teams to resolve issues efficiently and pragmatically.
-
Refine detection tooling by tuning logic and reducing unnecessary or inaccurate alerts. Operational Readiness & Observability
-
Strengthen visibility across systems through improved log pipelines, alerting pathways, and monitoring strategies.
-
Contribute to updating response guidelines, runbooks, and incident-handling materials.
-
Support initiatives aimed at enhancing defensive posture and operational robustness across platforms. Core Requirements
Requirements
-
Strong experience in DevSecOps, cloud security, or infrastructure security functions.
-
Hands-on knowledge of modern CI/CD pipelines and automation tooling.
-
Proven background securing AWS environments (Azure or GCP is also valuable).
-
Practical experience with security scanning, vulnerability tooling, and tuning to improve accuracy.
-
Proficiency in automation or scripting languages such as Python or Bash.
-
Experience delivering infrastructure through IaC tooling such as Terraform or CloudFormation. Preferred Background & Additional Capabilities
-
Knowledge of securing containerised environments and orchestration platforms.
-
Experience working within assurance-focused frameworks including ISO 27001, SOC 2, or NIST.
-
Familiarity with automated governance and policy-driven cloud controls.
-
Exposure to investigative, detection, or security operations workflows. Qualifications That Would Be Beneficial
-
Industry security certifications such as CISSP, CISM, CCSP, or GSEC.
-
Cloud-focused qualifications like AWS Security Specialty, AWS Solutions Architect, Azure Security Engineer Associate, or Google Professional Cloud Security Engineer.
-
DevOps and automation-related certifications such as Terraform Associate, CKA/CKAD, or Kubernetes Security Specialist (CKS).
-
Compliance and governance accreditations including ISO 27001 Lead Implementer/Lead Auditor, CompTIA Security+, or NIST-aligned training.
-
Relevant computing or cybersecurity degree (BSc/MSc) or equivalent practical experience.
Keywords
DevSecOps, Cloud Security, AWS, Azure, GCP, CI/CD, Secure Software Delivery, Static Analysis, Dynamic Analysis, Dependency Scanning, Container Security, Kubernetes Security, Infrastructure as Code, Terraform, CloudFormation, Pipeline Security, Cloud Governance, Policy as Code, Secrets Management, Identity and Access Management, Vulnerability Remediation, Threat Detection, Observability, Logging, Automation Engineering, Python, Bash, Zero Trust, Security Hardening, Cloud Monitoring, Least Privilege, Compliance Automation, Security Orchestration
