We're looking for a hands-on DevSecOps Engineer to take ownership of application and cloud security across a modern, Azure-first product environment. This is a product-focused security role, sitting at the intersection of development, DevOps and security, helping teams understand why vulnerabilities exist and how to fix them properly.
The foundations are already strong, with regular external penetration testing, positive audit outcomes, and mature security tooling are in place. Your role is to raise the bar further, embedding security deeper into how products are built, configured and deployed.
You'll be the subject matter owner for DevSecOps, working closely with developers, DevOps and product teams to improve security posture through insight, automation and education.
The role:
Act as the DevSecOps lead, owning application and cloud security practices across the business
Analyse outputs from SAST and DAST tools (e.g. Snyk, BrightSec), understanding vulnerabilities at a low level and advising development teams on remediation
Work closely with DevOps to ensure secure configuration and deployment within Azure (including Azure Front Door, WAF, Defender for Cloud, Sentinel)
Support and interpret results from ITHC (UK Government-standard) penetration tests, ensuring findings are understood and remediated across product and platform teams
Embed security controls and testing into CI/CD pipelines, improving automation and consistency
Help educate and uplift DevOps and engineering teams on secure practices where needed
Collaborate with external security partners, audits and penetration testing providers
Investigate and support resolution of security issues raised via customers or automated alerts
Provide security input into customer discussions alongside sales and consultancy teams About you:
Comfortable operating as a solo SME, owning the subject, partnering with the business and third parties
Experienced with working in a software house and product led environment
Strong background and understanding of Azure
Ability to share knowledge and educate the wider team on best practices
Ideally with a background who has tight security principles
Glasgow based office, hybrid working with minimum 2x office days per week.
Salary £60,000 - £65,000 + benefits
Permanent opportunity
* Full UK right to work required as successful candidate will be taken through clearance checking