
Senior DevSecOps Engineer
Posted 49 min ago

Posted 49 min ago
This is a fully remote position, open to applicants in United Kingdom.
• Collaborate with stakeholders to identify security improvements across platform architecture and infrastructure, formulating and executing strategic implementation plans.
• Partner with the Platform team to integrate robust security processes, controls, and tools throughout all system components.
• Conduct threat modeling for both new and existing systems — including AI/LLM-enabled features and agentic workflows — and convert findings into prioritized, actionable tasks.
• Enhance our software supply chain by ensuring dependency and base-image hygiene, SBOM generation, artifact signing and provenance, and securing third-party actions and packages.
• Safeguard the use of AI throughout the SDLC, ensuring that agentic coding tools, assistants, and MCP integrations function within safe, well-defined, and auditable parameters.
• Contribute to the advancement of deployment frameworks, prioritizing security, deployment speed, and system reliability.
• Strengthen platform security through effective secrets management and the secure handling of sensitive information.
• Actively engage in incident response, resolution, and blameless post-mortems to foster continuous improvement.
• Participate in knowledge-sharing initiatives, including tech talks and team-based learning sessions.
• Maintain thorough, up-to-date documentation — including playbooks, runbooks, and comprehensive systems documentation — to support knowledge dissemination.
• Extensive experience in cybersecurity and related engineering practices.
• Proficient in vulnerability management and remediation at scale.
• Demonstrated experience in DevOps / DevSecOps engineering within large-scale platforms.
• Expertise in distributed cloud systems, particularly Amazon Web Services.
• Proficient in Infrastructure as Code (IaC) tools such as Terraform and CloudFormation.
• Experience with programming languages like PHP, Bash, or Python.
• Knowledge of Docker and containerization, with an understanding of container and runtime security.
• Familiarity with software supply-chain security: SBOMs, dependency scanning, and artifact signing / provenance (e.g., SLSA, Sigstore).
• Skills in secrets management and detection (e.g., Vault, cloud-native secret stores, secret scanning in CI).
• Experience with security tools across the SDLC: SAST, DAST, SCA, IaC scanning, and container scanning (e.g., Snyk, Trivy).
• Understanding of policy-as-code and guardrails (e.g., OPA / Conftest), with an identity-centric / zero-trust approach to access.
• Familiarity with monitoring and detection tools like DataDog, Prometheus, or similar platforms.
• A proactive attitude toward problem-solving, combined with strong teamwork and communication skills.
• Exceptional command of written and spoken English to effectively convey ideas and concepts.
• Practical knowledge of AI/LLM security risks and their mitigations — such as prompt injection, jailbreaks, insecure output handling, sensitive data leakage, and excessive agency (aligned with the OWASP Top 10 for LLM Applications).
• Experience securing AI-assisted and agentic development tools: scoping permissions, sandboxing, logging and auditing, and preventing secret or data exfiltration through AI agents and MCP servers.
• Familiarity with AI threat modeling and adversarial techniques (e.g., MITRE ATLAS) and conducting or supporting AI-aware red teaming.
• Awareness of AI governance and assurance frameworks (e.g., NIST AI RMF, ISO/IEC 42001) and their interaction with data protection obligations for a multi-tenant platform handling children's data.
• Confident and responsible use of AI tools to enhance security efforts — including triage, detection engineering, code review, and documentation — while recognizing and addressing their limitations.
• Previous experience with enterprise solutions operating at scale (Bonus).
• Familiarity with Kanban and agile development methodologies (Bonus).
• Knowledge of software best practices such as Refactoring, Clean Code, Domain-Driven Design, and Test-Driven Development (Bonus).
• Experience with compliance frameworks relevant to EdTech (e.g., NIST CSF, ISO 27001, SOC 2, UK GDPR) (Bonus).
• Relevant certifications (e.g., AWS Security Specialty, OSCP, or AI security/governance credentials) (Bonus).
• A dedicated wellbeing team that promotes initiatives such as mindfulness, lunch and learns, manager training, mental health first aid training, and more!
• 32 days of vacation (in addition to Bank Holidays), comprising 25 days of annual leave plus 7 extra company-wide days given during Easter, Summer, and Christmas.
• Life Assurance provided at 3x annual salary.
• Comprehensive wellness benefits through AIG Smart Health, offering a 24/7 virtual GP service, mental health support, counseling, and personalized health checks.
• Private Dental Insurance with Bupa.
• Salary sacrifice Pension provided by Scottish Widows.
• Enhanced maternity and adoption leave (20 weeks full pay) and paternity leave (6 weeks full pay).
• Five free return-to-work maternity coaching sessions to assist you in transitioning during this exciting time in your life!
• Access to services like Calm and Bippit for financial wellbeing coaching.
• All roles promote flexible working, and we are open to discussing what that means for you.
• Social committees that organize team, office, and company-wide events to foster community and celebrate achievements.
• A dedicated professional development training budget for CPD courses, upskilling resources, professional memberships, etc.
• Opportunity to volunteer with a charity of your choice for one day each year.
• Dog-friendly offices!
Flywire
Pythian
A:20Labs
3Pillar Global
Get handpicked remote jobs straight to your inbox weekly.