Responsibilities
* Define and implement secure architecture patterns across engineering platforms (CI/CD, build systems, runtime environments)
* Conduct security assessments, threat modelling, and gap analysis across platforms and pipelines
* Develop and embed DevSecOps best practices, including secure pipeline design and automated controls
* Establish and enforce security baselines using policy-as-code
* Build and deliver security roadmaps, prioritising risk and regulatory requirements
* Partner with engineering and platform teams to remediate vulnerabilities and improve security posture
* Act as a trusted advisor to senior stakeholders, translating technical risks into business impact
Qualifications
* Proven background in hands-on DevSecOps Engineering, now operating in a design/architecture-focused role
* Strong experience across both AWS and GCP (essential)
* Deep understanding of CI/CD pipelines, build tools, artifact repositories, and developer platforms
* Expertise in secure software delivery, vulnerability management, and platform security
* Experience with threat modelling, security frameworks, and maturity assessments
* Strong knowledge of application security, network security, and cloud security principles
* Excellent stakeholder management and communication skills
Desirable
* Experience in financial services or regulated environments
* Knowledge of Kubernetes and container security
* Familiarity with supply chain security, SBOM, and secure development practices
* Relevant certifications (e.g. CISSP, CISM, CCSP)
This is a key role focused on shaping and embedding secure-by-design engineering practices across a complex, enterprise environment, with strong influence across both technology and security functions. More details are available on successful application.