Azure DevSecOps Engineer

We’re looking for a hands-on Azure DevOps Engineer with a strong security focus (DevSecOps) to design, implement, and scale secure cloud infrastructure with minimal supervision. An initial 6month, UK based contract working fully remote.

The role is ideal for someone who can take ownership of security engineering initiatives and deliver production-grade solutions using Terraform deployed through CI/CD pipelines. You’ll be working in a modern Azure environment, building reusable, well-structured Terraform modules and embedding security controls across platforms, pipelines, and identity systems.

You’ll lead the implementation of security controls across the Azure estate, including:

• Designing and deploying perimeter protection using Azure Front Door with WAF policies (OWASP Top 10, bot protection).
• Analysing traffic, tuning WAF rules, and working with stakeholders to reduce false positives.
• Defining and enforcing governance through Azure Policy, particularly around firewall and network security standards.
• Implementing container security practices, including scanning for AKS workloads.
• Migrating from basic security defaults to advanced Conditional Access policies in Microsoft Entra ID.
• Driving rollout of identity protections (e.g., phishing-resistant MFA, risky sign-in policies) using Entra ID P2 capabilities.
• Securing CI/CD pipelines (e.g., in Azure DevOps) through managed identities and network restrictions.
• Monitoring and responding to risks identified in Microsoft Defender for Cloud.