DevSecOps Pentester
Location: London, UK (Hybrid 23 days onsite)
Type: Contract (6 months) | Rate: Market| Start Date: ASAP
About the Role
Our client, a leading global organization, is looking for an experienced DevSecOps Pentester to join a leading security team in London. Youll perform penetration tests and security assessments across CI/CD pipelines, cloud environments, and applications, integrating automated security tools and practices into DevOps workflows. This role is ideal for someone who can identify vulnerabilities in code, containers, APIs, and infrastructure-as-code before production, collaborate closely with DevOps and development teams, and help improve enterprise security posture.
Key Responsibilities
Integrate security tools and practices into CI/CD pipelines for continuous validation.
Conduct manual and automated security testing on web apps, APIs, pipelines, and cloud infrastructure.
Identify and exploit vulnerabilities in CI/CD workflows, IaC, containers, and cloud-native architectures (AWS, Azure, GCP, Docker, Kubernetes).
Participate in agile ceremonies including sprint planning, threat modeling, and secure design reviews.
Produce detailed reports with executive summaries, technical findings, and actionable remediation guidance.
Validate remediation efforts and perform retesting cycles.
Advise on secrets management, IAM, and secure deployment practices.
Educate and collaborate with development and operations teams on security best practices.
Required Skills & Experience
Strong application security knowledge (OWASP Top 10, API security).
Manual pentesting experience on modern web apps, APIs, and CI/CD pipelines.
Deep understanding of DevSecOps practices, secure SDLC, threat modeling, and secure design review.
Proficiency in automating security checks using Jenkins, GitLab, Ansible, or similar tools.
Secure coding knowledge and familiarity with common developer pitfalls.
Scripting for testing/automation: Python, Bash, Go.
Cloud-native and container experience: Docker, Kubernetes, IaC.
Cloud security knowledge: AWS, Azure, GCP, and cloud security best practices.
Experience collaborating in agile, fast-paced environments with developers and DevOps teams.
Nice to Have
OSCP, OSWA, CRTO, GWAPT, GPEN, eWPT certifications.
Azure Security Engineer Associate or AWS Security Specialty.
Kubernetes security or DevSecOps-focused certifications.
Strong analytical, problem-solving, reporting, and customer engagement skills.
Why Join
Lead security testing in high-impact CI/CD and cloud-native projects.
Collaborate with a cutting-edge security and DevOps team.
Influence secure development practices and enhance enterprise security posture.
If you have the relevant experience, please apply with your CV and we will be in touch.
TPBN1_UKTJ