DevOps Engineer

Job Title: DevOps Engineer

Location: London / Hybrid - (Mainly remote with infrequent travel)

Employment: Contract

Duration : (3 months rolling contract)

GENERAL ROLE OVERVIEW:

• Strategic guidance for secure adoption and use of SaaS & PaaS platforms and services in the Microsoft, Google & Atlassian ecosystem, MongoDB Atlas and other first-party platforms developed by M&S. The services include databases, API gateways, code repositories, integration services, and others
• Technical consulting to identify misconfigurations and reduce platform risk, helping raise organizational awareness of risks and best practices by participating in workshops, documentation efforts, and knowledge sharing
• Support for secure design and integration of tools across business programs, providing access & configuration reviews for the various platforms; contributing to the implementation of platform security standards, policies, and baselines under guidance from senior team members; building a culture of security by promoting automation, repeatable patterns, and consistent practices across teams
• Assistance in identifying and remediating platform-specific vulnerabilities
• Automation of security checks, configuration reviews, and access hygiene, including assistance in security integration into CI/CD pipelines, contributing to automated checks (e.g., GitHub Actions) that identify misconfigurations, vulnerabilities, and policy violations
• Collaboration with platform teams and vendors to help evaluate and integrate security tools, ensuring smooth adoption across new and existing services.
• Stay current on emerging platforms and assist in researching security considerations to support evolving organizational technology needs.

ESSENTIAL REQUIREMENTS:

• Solid understanding of Identity and Access security, including but not limited to least privilege, zero trust, authentication, authorisation, SSO, JWT, RBAC/ABAC/PBAC
• Solid understanding of security principles and architecture, particularly for databases and APIs
• Understanding of Platform & Configuration Security, and Platform Monitoring, Response and Governance
• Scripting (Python, Bash) for task automation and terraform for IAC
• Understanding of security threats like DDoS, brute force, exfiltration, spoofing, and other relevant threats
• 3 years of hands-on experience in platform or infrastructure security, with a strong interest in building skills in this area.
• Exposure to or interest in integrating security into CI/CD pipelines and platform workflows (experience with GitHub Actions or similar tools is a plus).
• Strong analytical and problem-solving skills, with a curiosity to learn and grow in complex technology environments.
• Good communication and teamwork skills, with the ability to collaborate with platform, DevOps, and security teams.
• Enthusiasm for working in a fast-paced, dynamic environment, with support and mentorship from senior team members.

DESIRABLE SKILLS:

• Exposure to or interest in learning how security policies, standards, and governance frameworks are applied to APIs and databases.
• Understanding of Data Protection & Privacy
• Basic familiarity with API security concepts and tooling such as Apigee, Kong, or similar.
• Certifications are not required, but working toward industry-recognized credentials (e.g., Security+, AWS/Azure/GCP fundamentals) is encouraged.
• Foundational understanding of cloud security principles and an eagerness to learn more about securing APIs and databases in cloud environments.
• Awareness of container security basics and interest in learning how to secure deployment workflows, access controls, and monitoring for APIs and data services.