Remotery

Senior DevSecOps Engineer

Posted 49 min ago

This is a fully remote position, open to applicants in United Kingdom.

📋 Description

• Collaborate with stakeholders to identify security improvements across platform architecture and infrastructure, formulating and executing strategic implementation plans.

• Partner with the Platform team to integrate robust security processes, controls, and tools throughout all system components.

• Conduct threat modeling for both new and existing systems — including AI/LLM-enabled features and agentic workflows — and convert findings into prioritized, actionable tasks.

• Enhance our software supply chain by ensuring dependency and base-image hygiene, SBOM generation, artifact signing and provenance, and securing third-party actions and packages.

• Safeguard the use of AI throughout the SDLC, ensuring that agentic coding tools, assistants, and MCP integrations function within safe, well-defined, and auditable parameters.

• Contribute to the advancement of deployment frameworks, prioritizing security, deployment speed, and system reliability.

• Strengthen platform security through effective secrets management and the secure handling of sensitive information.

• Actively engage in incident response, resolution, and blameless post-mortems to foster continuous improvement.

• Participate in knowledge-sharing initiatives, including tech talks and team-based learning sessions.

• Maintain thorough, up-to-date documentation — including playbooks, runbooks, and comprehensive systems documentation — to support knowledge dissemination.


⛳️ Requirements

• Extensive experience in cybersecurity and related engineering practices.

• Proficient in vulnerability management and remediation at scale.

• Demonstrated experience in DevOps / DevSecOps engineering within large-scale platforms.

• Expertise in distributed cloud systems, particularly Amazon Web Services.

• Proficient in Infrastructure as Code (IaC) tools such as Terraform and CloudFormation.

• Experience with programming languages like PHP, Bash, or Python.

• Knowledge of Docker and containerization, with an understanding of container and runtime security.

• Familiarity with software supply-chain security: SBOMs, dependency scanning, and artifact signing / provenance (e.g., SLSA, Sigstore).

• Skills in secrets management and detection (e.g., Vault, cloud-native secret stores, secret scanning in CI).

• Experience with security tools across the SDLC: SAST, DAST, SCA, IaC scanning, and container scanning (e.g., Snyk, Trivy).

• Understanding of policy-as-code and guardrails (e.g., OPA / Conftest), with an identity-centric / zero-trust approach to access.

• Familiarity with monitoring and detection tools like DataDog, Prometheus, or similar platforms.

• A proactive attitude toward problem-solving, combined with strong teamwork and communication skills.

• Exceptional command of written and spoken English to effectively convey ideas and concepts.

• Practical knowledge of AI/LLM security risks and their mitigations — such as prompt injection, jailbreaks, insecure output handling, sensitive data leakage, and excessive agency (aligned with the OWASP Top 10 for LLM Applications).

• Experience securing AI-assisted and agentic development tools: scoping permissions, sandboxing, logging and auditing, and preventing secret or data exfiltration through AI agents and MCP servers.

• Familiarity with AI threat modeling and adversarial techniques (e.g., MITRE ATLAS) and conducting or supporting AI-aware red teaming.

• Awareness of AI governance and assurance frameworks (e.g., NIST AI RMF, ISO/IEC 42001) and their interaction with data protection obligations for a multi-tenant platform handling children's data.

• Confident and responsible use of AI tools to enhance security efforts — including triage, detection engineering, code review, and documentation — while recognizing and addressing their limitations.

• Previous experience with enterprise solutions operating at scale (Bonus).

• Familiarity with Kanban and agile development methodologies (Bonus).

• Knowledge of software best practices such as Refactoring, Clean Code, Domain-Driven Design, and Test-Driven Development (Bonus).

• Experience with compliance frameworks relevant to EdTech (e.g., NIST CSF, ISO 27001, SOC 2, UK GDPR) (Bonus).

• Relevant certifications (e.g., AWS Security Specialty, OSCP, or AI security/governance credentials) (Bonus).


🏝️ Benefits

• A dedicated wellbeing team that promotes initiatives such as mindfulness, lunch and learns, manager training, mental health first aid training, and more!

• 32 days of vacation (in addition to Bank Holidays), comprising 25 days of annual leave plus 7 extra company-wide days given during Easter, Summer, and Christmas.

• Life Assurance provided at 3x annual salary.

• Comprehensive wellness benefits through AIG Smart Health, offering a 24/7 virtual GP service, mental health support, counseling, and personalized health checks.

• Private Dental Insurance with Bupa.

• Salary sacrifice Pension provided by Scottish Widows.

• Enhanced maternity and adoption leave (20 weeks full pay) and paternity leave (6 weeks full pay).

• Five free return-to-work maternity coaching sessions to assist you in transitioning during this exciting time in your life!

• Access to services like Calm and Bippit for financial wellbeing coaching.

• All roles promote flexible working, and we are open to discussing what that means for you.

• Social committees that organize team, office, and company-wide events to foster community and celebrate achievements.

• A dedicated professional development training budget for CPD courses, upskilling resources, professional memberships, etc.

• Opportunity to volunteer with a charity of your choice for one day each year.

• Dog-friendly offices!

People also viewed

Flywire23 min ago

Site Reliability Engineering Manager II

US flagIllinois OnlyFull-timeDevOps & Site Reliability Engineer (SRE)$160k – $200k/year
ApplyView job
Pythian23 min ago

Site Reliability Engineer

IN flagIndia OnlyFull-timeDevOps & Site Reliability Engineer (SRE)
ApplyView job
A:20Labs23 min ago

Lead DevOps Engineer

US flagIllinois OnlyFull-timeDevOps & Site Reliability Engineer (SRE)
ApplyView job
3Pillar Global23 min ago

Senior DevOps Engineer – AWS, Python

CR flagCosta Rica OnlyFull-timeDevOps & Site Reliability Engineer (SRE)
ApplyView job
FICO23 min ago

Lead ML Ops/DevOps Engineer – AI Engineering

US flagUnited States OnlyFull-timeDevOps & Site Reliability Engineer (SRE)$140k – $220k/year
ApplyView job
Veeam Software49 min ago

Senior Site Reliability Engineer – FedRamp

US flagCalifornia OnlyFull-timeDevOps & Site Reliability Engineer (SRE)$158.4k – $320.9k/year
ApplyView job

Never miss a great job!

Get handpicked remote jobs straight to your inbox weekly.

Trusted by 7,400+ designers