Job Specifications
Our client is a fast-growing SaaS platform focused on helping customers make the most of their savings by providing access to a wide range of financial products.
They work with financial institutions such as wealth managers, fintechs, banks, and advisors, offering tools that enable better returns on cash, stronger client engagement, and simpler operations. Their mission is to help savers get more value from their cash.
This role is 3 days a week in Leeds.
The role
They need a skilled and proactive DevSecOps Engineer to take ownership of security frameworks, testing, and the hands-on implementation of secure systems.
You will join the Engineering team and play a key role in embedding security practices throughout the software development lifecycle, ensuring systems are secure by design. This is a hands-on role requiring strong experience in security testing, framework design, automation, and building secure, scalable infrastructure.
Key responsibilities
Secure CI/CD pipelines
Design, build, and maintain secure CI/CD pipelines by embedding security tools and practices into the development workflow.
Infrastructure security
Integrate and manage security tools for code analysis, vulnerability scanning, container security, and dependency management.
Implement and manage security controls across cloud infrastructure, using infrastructure-as-code tools with a security-first mindset.
Vulnerability management
Perform regular automated security assessments, including vulnerability scanning, supporting penetration testing, and remediation planning.
Automation
Automate security testing processes (including SAST, DAST, and IAST) to identify and remediate vulnerabilities earlier in the SDLC.
Collaboration
Work closely with development and information security teams to promote a strong DevSecOps culture and ensure best practices are followed.
Monitoring and reporting
Establish and maintain monitoring systems to detect threats and anomalies, providing actionable insights to mitigate risk.
Build security monitoring and alerting capabilities using SIEM tools or cloud-native monitoring solutions.
Technical expertise
Strong hands-on experience with CI/CD tools (e.g. Jenkins, GitLab CI, GitHub Actions, CircleCI).
Hands-on experience with infrastructure-as-code tools such as Terraform or CloudFormation.
Experience securing cloud platforms (AWS preferred) and containerised environments (Docker, Kubernetes), with a strong focus on security.
Scripting and automation skills using Bash, Python, or similar languages.
Solid understanding of secure coding practices, application security principles, and relevant compliance frameworks.
Experience implementing security tools such as SAST/DAST solutions, vulnerability scanners, and cloud security tooling (e.g. OWASP ZAP, SonarQube, Snyk, tfsec, Trivy, cloud-native security services).
Experience with monitoring and logging platforms such as ELK or cloud-native observability tools.
Hands-on experience with SIEM systems and threat detection.