Hours:
35 hours per week
Closing Date:
Fri, 10 Apr 2026
As our DevSecOps Capability Manager, you’ll lead and scale Skipton’s DevSecOps capability to enable fast, safe and compliant software delivery across our product and platform teams. You will be accountable for embedding secure-by-design principles, modern automation practices, and policy-as-code into our CI/CD ecosystem, ensuring that our engineering teams can deliver high-quality change with confidence.
You will drive improvements in lead time, deployment frequency, change failure rate and system reliability, all measured through our Engineering Scorecard. This role blends technical strategy, leadership, governance and hands-on capability development to strengthen our engineering foundations and support delivery of the Society’s Corporate Plan.
What will you be doing?
Value, Flow & Quality
1. Owning lead time for changes and deployment frequency outcomes across shared pipelines and platforms.
2. Publishing DORA and flow metrics monthly, using them to drive targeted improvements.
3. Removing delivery bottlenecks through automation and policy-as-code, including trunk-based development, automated approvals for low-risk changes, canary/blue-green deployment and auto-rollback.
4. Triggering “scorecard → investment” actions when performance thresholds are breached to restore flow, quality and reliability.
Leadership & Capability Development
5. Leading, coaching and developing a team of 3–5 DevSecOps Engineers.
6. Defining and maintaining DevSecOps standards, patterns and best practices across engineering teams.
7. Building a high-performing engineering culture focused on security, automation and continuous improvement.
Strategy, Governance & Technical Direction
8. Setting the strategy for DevSecOps capabilities, including pipeline standardisation and security automation.
9. Establishing governance for secure CI/CD, infrastructure-as-code and cloud delivery.
10. Defining and enforcing Observability Minimum Standards including tracing, SLOs, release-linked annotations and dashboards.
11. Mandating security-in-the-pipeline, including secrets protection, SAST/SCA/DAST, IaC scanning and WAF coverage for external apps.
12. Governing Golden Path (ProdOS) templates, patterns and adoption levels.
Operational Oversight & Risk Management
13. Overseeing the reliability, performance and security posture of pipelines, platforms and engineering tooling.
14. Ensuring effective vulnerability management, including remediation tracking and escalation.
15. Providing leadership during incidents and post-incident reviews, improving MTTR and root-cause clarity.
16. Integrating telemetry across Azure, Defender, Entra and WAF to unify our security posture.
17. Using SLO/error-budget signals and observability insights to inform go/no-go and rollback decisions.
Collaboration Across Technology & Business
18. Acting as a senior advisor to Engineering Managers, Product Owners and Cyber Security teams.
19. Ensuring strong alignment on security requirements, delivery processes and adoption of modern practices.
20. Representing DevSecOps across governance forums and contributing to technology-wide decisions.
21. Acting as a visible advocate for safe, rapid delivery and sharing best practice internally and externally.
Tooling, Automation & Platform Optimisation
22. Leading decisions on DevSecOps tooling, including evaluation and lifecycle management.
23. Driving automation across testing, security scanning, deployment, monitoring and compliance.
24. Partnering with Cloud and Platform Engineering to ensure scalable, resilient and consistent DevSecOps ecosystems.
25. Owning the Golden Path service catalogue, including pipelines, IaC modules and secure defaults.
Business Continuity & Operational Resilience
26. Embedding BCP and operational resilience controls directly as policy-as-code.
27. Ensuring pipelines produce audit-ready evidence for regulated environments.
28. Running periodic gamedays with Release & Environments teams to validate recoverability.
What do we need from you?
Knowledge, skills & experience
29. Strong leadership and people management experience, particularly coaching senior engineers.
30. Deep expertise in CI/CD design, automation and security integration.
31. Strong understanding of cloud platforms, containerisation, infrastructure-as-code and modern delivery patterns.
32. Demonstrated ability to address and remediate security risks at scale.
33. Excellent communication and influencing skills across technical and non-technical audiences.
34. Proven track record of improving DORA and flow metrics through automation and modern engineering practices.
35. Experience defining observability standards and implementing unified dashboards.
36. Extensive experience in DevOps, security engineering or platform engineering within complex or regulated environments.
37. Strong working knowledge of automated security tooling (SAST, SCA, DAST, secrets scanning, container scanning).
38. Experience in cloud security, identity and access management, zero-trust principles and platform guardrails.
39. Practical involvement in incident management and post-incident review processes.
40. Demonstrable delivery of policy-as-code and compliance-as-code in regulated environments.
Behaviours
41. Strategic thinker with the ability to influence and shape technology decisions.
42. Empowers and develops others, creating a supportive, growth-focused team environment.
43. Outcome-oriented, maintaining balance between security, speed and reliability.
44. Collaborative and influential, building trust across diverse teams.
45. Continuous-improvement mindset, simplifying and enhancing engineering practices.
46. Calm under pressure, particularly during incidents or complex challenges.
47. Visible champion for modern engineering ways of working and DevSecOps adoption.
Who are we?
Not just another building society. Not just another job. We’re the fourth biggest building society in the UK and what makes us a bit different is that we're a mutual organisation. We don't have shareholders; we're owned by our members.
Our colleagues say Skipton's a great place to work, and you could be one of them, bringing with you new ideas on how we can keep customers at the heart of what we do. Whatever your background, and whatever your goals, we'll help you take the next step towards a better future.
What’s in it for you?
Skipton values work/life balance and we are proud to support hybrid and flexible working, where possible. We have a newly refurbished head office which offers a vibrant and collaborative working space.
We have a range of other benefits available to you including:
48. Annual discretionary bonus scheme
49. 25 days standard annual leave + bank holidays + rising 1 day per year of service to a maximum of 30 days
50. Holiday trading scheme allowing the ability to buy and sell additional annual leave days
51. Matching employer pension contribution (up to 10% per annum)
52. Colleague mortgage (conditions apply)
53. Salary sacrifice scheme for hybrid & electric car
54. A commitment to training and development
55. Private medical insurance for all our colleagues
56. 3 paid volunteering days per annum
57. Diverse and inclusive colleague networks available for you to join including our Carers and Pride Alliance groups
58. We care about your health and wellbeing – we provide a range of benefits that support this including cycle to work initiative and discounted gym membership