5 of 5 Contract DevSecOps Jobs in the West Midlands

of modern DevOps practices, cloud and container technologies, automation tooling, and software engineering principles. You will work closely with development, security, and operations teams to drive a culture of DevSecOps and continuous improvement. Key Responsibilities Design, build, and maintain scalable CI/CD pipelines using modern DevOps tooling. Implement Infrastructure-as-Code (IaC) to provision and manage cloud/on … infrastructure. Manage container orchestration platforms and develop containerized solutions. Monitor systems and applications for availability, performance, and security compliance. Automate operational tasks including testing, deployment, patching, and scaling. Apply DevSecOps principles to secure applications and infrastructure across SDLC. Collaborate with cross-functional teams (developers, testers, security analysts) to streamline software delivery. Participate in code reviews, architecture design, and incident resolution. More ❯

solutions that support millions of users across the UK. If you're SC & NPPV3 cleared and have strong hands-on experience with AWS, Terraform, CI/CD pipelines, and DevSecOps best practices - this is the role for you. Key Responsibilities: Design and implement cloud infrastructure solutions on AWS , following best-practice security and resilience patterns. Develop reusable Infrastructure as Code … and maintain secure CI/CD pipelines using Jenkins , Groovy scripting , and other automation tools. Enable robust monitoring and observability through Grafana, Prometheus, Alert Manager , and related tools. Apply DevSecOps practices , integrating tools like SonarQube , ClamAV , and MS Defender into delivery pipelines. Essential Skills & Experience: 10+ years of hands-on DevOps experience with a focus on AWS cloud platforms Strong More ❯

note - The selected candidate must be eligible for UK Security Clearance *** The Security Development and Test Director is responsible for overseeing the secure software development lifecycle, security testing, and DevSecOps practices at both strategic and operational levels. The role ensures the effectiveness of security practices in software development, manages security testing, drives operational maturity improvements, and oversees secure coding practices. … profitability analysis. o Monitor expenses and identify cost reduction opportunities. o Ensure profitability through forecasting and margin analysis. o Refine pricing models and maximise billable utilisation. * Secure Architecture and DevSecOps Integration o Define and govern secure architecture standards across development teams, ensuring alignment with enterprise security policies, regulatory requirements, and industry frameworks (e.g., NIST, OWASP, ISO 27001). o Lead … security scanners. o Establish architectural review boards and security design checkpoints to validate that new systems and applications meet defined security requirements before deployment. o Drive continuous improvement in DevSecOps maturity, using metrics and feedback loops to refine processes, reduce risk exposure, and accelerate secure delivery. o Collaborate with enterprise architects, engineering leads, and product owners to ensure security is More ❯

/Threat/Forensics or CSIRT backgrounds - very experienced with analysing security logs to quickly ascertain TP/FP conviction and the techniques to except Ideally some AppSec/DevSecOps or Ethical Hacking experience - with a good understanding of Web Application attacks and security; they must be familiar with the OWASP Top 10 If they have Security Engineering skills too … if we use in-house resource instead of 3rd party vendors. Providing WAF focused SME support and advice on Web & API based attack methodologies, evasions and mitigation techniques. Providing DevSecOps SME & pipeline build support for the automation works Monitor and review all tuning requests. Conduct detailed log analysis to identify false positives and optimize WAF rules for improved accuracy and More ❯

identify and reduce false positives, optimising rule sets for accuracy and performance. Provide SME-level guidance on web and API-based attack methodologies, evasion techniques, and mitigation strategies. Support DevSecOps pipeline integration for automated WAF efficacy testing. Maintain comprehensive documentation for tuning procedures, policies, and configurations. Stay ahead of emerging web security threats and trends to continuously enhance protection measures. … at least three major WAF vendors (eg, Akamai, F5, AWS, GCP). Familiarity with the OWASP Top 10 and modern web attack techniques. Desirable Skills/Experience Experience in DevSecOps practices and pipeline automation. Security engineering expertise alongside WAF specialism. Experience reverse-engineering exploits to develop mitigation rules. Strong cross-functional collaboration skills for integrating WAF solutions into existing security More ❯