Sheffield (3 days per week onsite)
Inside IR35
We're partnering with a leading financial services client to appoint a DevSecOps Consultant to drive secure engineering practices across large-scale, cloud-based platforms.
This role is ideal for someone who has come from a hands-on DevSecOps Engineering background and has since transitioned into architecture/design and advisory, while still retaining strong technical depth.
Key Responsibilities:
Define and implement secure architecture patterns across engineering platforms (CI/CD, build systems, runtime environments)
Conduct security assessments, threat modelling, and gap analysis across platforms and pipelines
Develop and embed DevSecOps best practices, including secure pipeline design and automated controls
Establish and enforce security baselines using policy-as-code
Build and deliver security roadmaps, prioritising risk and regulatory requirements
Partner with engineering and platform teams to remediate vulnerabilities and improve security posture
Act as a trusted advisor to senior stakeholders, translating technical risks into business impact
Key Requirements:
Proven background in hands-on DevSecOps Engineering, now operating in a design/architecture-focused role
Strong experience across both AWS and GCP (essential)
Deep understanding of CI/CD pipelines, build tools, artifact repositories, and developer platforms
Expertise in secure software delivery, vulnerability management, and platform security
Experience with threat modelling, security frameworks, and maturity assessments
Strong knowledge of application security, network security, and cloud security principles
Excellent stakeholder management and communication skills
Desirable:
Experience in financial services or regulated environments
Knowledge of Kubernetes and container security
Familiarity with supply chain security, SBOM, and secure development practices
Relevant certifications (eg CISSP, CISM, CCSP)
This is a key role focused on shaping and embedding secure-by-design engineering practices across a complex, enterprise environment, with strong influence across both technology and security functions.
More details available on successful application.