Job Description
Anticipated Contract End Date/Length: May 18, 2027
Work set up: Hybrid
Our client in the Information Technology and Services industry is looking for a DevSecOps Security Consultant to support the advancement of cybersecurity maturity across global engineering platforms. This role focuses on ensuring build systems, runtime infrastructure, and developer tooling are secure by design, while enabling scalable, resilient, and efficient software delivery within complex enterprise environments.
What you will do:
* Develop and maintain an engineering platform cybersecurity maturity framework to standardise assessments.
* Conduct security assessments across build systems, CI/CD pipelines, runtime infrastructure, and developer tooling.
* Perform threat modelling and gap analysis to identify vulnerabilities and systemic risks.
* Define and implement secure architecture patterns across engineering platforms.
* Establish and enforce platform security baselines using policy-as-code and automated controls.
* Collaborate with platform owners to remediate security gaps and implement scalable solutions.
* Integrate vulnerability management, SBOM, code-signing, and artifact integrity practices into engineering workflows.
* Prioritise security gaps based on risk, regulatory impact, and operational criticality.
* Develop and execute security roadmaps in collaboration with engineering and platform teams.
* Embed security best practices and DevSecOps principles into engineering platforms.
* Engage with stakeholders to translate technical risks into business impact.
* Represent cybersecurity functions in governance forums and provide updates on progress and risk posture.
* Influence and align stakeholders to drive consistent adoption of cybersecurity standards.
* Track and report cybersecurity maturity metrics and drive measurable improvements.
* Continuously evolve frameworks and practices in response to emerging threats and technologies.
* Promote a secure-by-design engineering culture through advocacy and knowledge sharing.
Qualifications
* Proven expertise in cybersecurity within large-scale, regulated environments or complex enterprise organisations.
* Strong technical knowledge of engineering platforms, including CI/CD systems, build tools, artifact repositories, runtime environments, and developer tooling.
* Extensive experience with DevSecOps practices, including secure pipeline design, security tooling integration, and automation of controls.
* Solid understanding of service mesh, cryptography, network security, application security, vulnerability management, and risk management.
* Demonstrated ability to conduct threat modelling, security assessments, and gap analysis.
* Experience developing and implementing maturity frameworks and strategic roadmaps.
* Strong stakeholder management skills with the ability to influence senior leadership and cross-functional teams.
* Excellent communication skills with the ability to translate technical concepts into business impact.
* Professional certifications such as CISSP, CISM, CCSK, or CCSP are desirable.
* Experience with cloud security across AWS, Azure, or GCP and container platforms such as Kubernetes is advantageous.
* Familiarity with engineering excellence practices such as supply chain security, SBOM, and secure development tooling is beneficial.
Additional Information
Candidates must be legally authorized to live and work in the country where the position is based, without requiring employer sponsorship.
HelloKindred is committed to fair, transparent, and inclusive hiring practices. We assess candidates based on skills, experience, and role-related requirements.
We appreciate your interest in this opportunity. While we review every application carefully, only candidates selected for an interview will be contacted.
HelloKindred is an equal opportunity employer. We welcome applicants of all backgrounds and do not discriminate on the basis of race, colour, religion, sex, gender identity or expression, sexual orientation, age, national origin, disability, veteran status, or any other protected characteristic under applicable law.