DevSecOps Engineer

Role Title: DevSecOps Engineer (SC Cleared)
Duration: 12 Months
Location: London or Bristol (80% Remote)
Rate: £700-£760p/d via Umbrella

The successful candidate will be a British national and hold security clearance

Overview:
We are seeking a DevSecOps Engineer to join an agile delivery team supporting a mission-critical application for the UK defence. The application is live and operates across AWS (EKS) and a highly secure on-premises environment. You will be responsible for embedding security, compliance, and automation into the software delivery life cycle, ensuring the platform and applications meet stringent security and operational standards.
This role requires expertise in Kubernetes (EKS), CI/CD pipelines, GitOps workflows, and security tooling, as well as strong collaboration with developers, infrastructure engineers, and test teams.

Key Responsibilities
. Design, implement, and maintain secure CI/CD pipelines using GitHub Actions, Argo CD, and Argo Rollouts.
. Integrate security scanning (Trivy) into build and deployment workflows; manage vulnerability life cycle and allowlist processes.
. Manage secrets and identity using HashiCorp Vault, External Secrets Operator, and cert-manager for automated certificate rotation.
. Define and enforce security policies for Kubernetes workloads, container images, and infrastructure.
. Collaborate with developers to ensure secure coding practices and compliance with MOD security standards.
. Implement observability and audit solutions using tools such as Grafana, and Fluent Bit.
. Support Infrastructure as Code practices using Pulumi for AWS and Kubernetes resources.
. Contribute to incident response, patching cycles, and compliance reporting.
. Document security processes and controls in Confluence; manage security-related tasks in Jira.

Essential Technical Skills

* CI/CD & GitOps
o GitHub Actions (self-hosted runners), Argo CD, Argo Rollouts.
. Security & Compliance
o Trivy (image and runtime scanning), vulnerability management.
o Vault, External Secrets Operator, cert-manager.
. Kubernetes & Containers
o AWS EKS, Istio (service mesh), Traefik (ingress), containerd/Docker.
. Infrastructure as Code
o Pulumi (YAML, Go, Python).
. Observability
o Grafana, Loki, Fluent Bit.
. Languages
o TypeScript, Python, YAML (K8s manifests), Bash.
. Cloud & Networking
o AWS (IAM, S3, networking), Calico (network policies).