Lead DevSecOps Engineer We are hiring a Lead DevSecOps Engineer to take ownership of the security, reliability and operational maturity of a growing cloud platform. This is a foundational role where you will build the DevSecOps framework from the ground up, rather than simply maintaining existing processes. You will work closely with the Head of Engineering and a high-performing engineering team to embed security into the development lifecycle, improve cloud operations, standardise infrastructure practices and build scalable systems that support the next stage of growth. About the role This role is suited to a pragmatic, hands-on DevSecOps or Platform Engineering professional who can bring structure to a fast-moving environment. You will be responsible for improving AWS security, strengthening CI/CD pipelines, implementing Infrastructure-as-Code, centralising secrets management and building a strong observability capability. You will have autonomy to choose tools, define standards and shape the way cloud infrastructure, security and deployment practices evolve as the business scales. Key responsibilities Own and improve the security, reliability and operational maturity of the AWS cloud environment Implement least-privilege IAM, secure access controls, MFA enforcement and cloud security guardrails Centralise secrets management using tools such as AWS Secrets Manager or HashiCorp Vault Build, harden and standardise CI/CD pipelines with security gates, scanning and automation Introduce and manage Infrastructure-as-Code using tools such as Terraform, Pulumi or CloudFormation Implement cloud security monitoring, alerting and real-time visibility across environments Build centralised observability across logging, metrics, tracing, dashboards and SLIs/SLOs Partner with engineers to embed security into development without slowing delivery Translate security risks into practical engineering priorities and remediation plans Create secure platform patterns, pipeline templates and reusable infrastructure modules What you will bring 7 years’ experience across DevOps, Platform Engineering or DevSecOps At least 2 years’ experience focused on security practices Deep AWS experience across IAM, KMS, Secrets Manager, VPC, Lambda, ECS/Fargate, EKS, EC2, S3, CloudWatch, CloudTrail, GuardDuty, Config and Security Hub Strong experience designing and enforcing least-privilege IAM strategies Strong Infrastructure-as-Code experience with Terraform, Pulumi, CloudFormation or similar Experience with policy-as-code tools such as Checkov, tfsec or OPA/Rego Experience hardening CI/CD pipelines with SAST, SCA, secrets scanning and container image scanning Hands-on experience with secrets management, rotation policies and secure client separation Experience implementing observability across logs, metrics, tracing and alerting Strong scripting and automation skills across TypeScript, Python, Bash or Go Excellent communication skills and the ability to bring engineering teams on the security journey Nice to have AWS certifications such as DevOps Engineer Professional, Security Specialty or Solutions Architect Professional Container security experience across ECS/EKS, RBAC hardening, image signing, admission policies or registry controls Vulnerability management, CSPM tooling and CVSS-based remediation experience Exposure to securing AI/ML workloads, model-serving pipelines or real-time voice/NLP infrastructure Experience working as the first or sole DevSecOps/security hire in a start-up environment What success looks like In the first 30 days, you will audit the current AWS environment, identify key risks across IAM, secrets, pipelines and observability, and deliver a prioritised remediation roadmap. Over the following months, you will implement least-privilege access controls, standardise secure CI/CD pipelines, expand Infrastructure-as-Code adoption and introduce stronger monitoring, logging and alerting. Over 6–12 months, you will have built a mature observability and security foundation, established vulnerability management processes, created secure engineering defaults and shaped the longer-term security and platform roadmap. Benefits Join a fast-growing, innovative technology environment Build a security and infrastructure function from the ground up High level of autonomy and technical ownership Strong professional growth and career development opportunities Competitive salary Flexible, remote-first working environment
