DevSecOps Engineer

📋 Description

• • Join Nordcloud, a leading European cloud innovator, and play a pivotal role in the ongoing cloud revolution. We empower our customers to achieve groundbreaking innovation within hyperscaler cloud environments, facilitating seamless migrations, bolstering advanced security measures, and driving data-driven success. We are currently seeking a highly skilled and experienced DevSecOps Engineer to become an integral part of our UK-based team.
• • In this critical role, you will be instrumental in elevating and standardising the security posture across a large-scale public-sector digital screening programme. This extensive platform encompasses both AWS and Azure cloud environments, featuring approximately 20 cloud-based services at various stages of maturity. Your primary objective will be to establish a coherent, consistent, and modern cybersecurity baseline that permeates all products.
• • This will be achieved by deeply embedding security principles and practices into the core of our development and operational processes, including Continuous Integration and Continuous Delivery (CI/CD) pipelines, Infrastructure-as-Code (IaC) methodologies, and day-to-day operational procedures. You will collaborate closely with product teams, infrastructure engineers, and dedicated delivery squads to champion a 'shift-left' security approach, ensuring security is considered from the earliest stages of development.
• • Your responsibilities will include automating security controls, implementing consistent guardrails across the entire service portfolio, and fostering a culture of security awareness and ownership within engineering teams.
• • **Security Engineering & Automation:**
• • Implement, enhance, and embed robust security controls directly within CI/CD pipelines. This ensures that security is an intrinsic part of the development lifecycle, rather than an afterthought.
• • Maintain and improve Infrastructure-as-Code (IaC) frameworks, including Terraform, ARM, Bicep, and CloudFormation, to guarantee consistent, repeatable, and secure infrastructure deployments across both AWS and Azure.
• • Integrate a comprehensive suite of automated security scanning tools into the delivery workflow. This includes Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), secrets management solutions, policy enforcement mechanisms, base image hardening, and runtime protection.
• • **Cloud Security (AWS & Azure):**
• • Design, implement, and maintain security patterns and best practices that can be consistently applied across a multi-cloud service portfolio, leveraging both AWS and Azure native services.
• • Configure and manage cloud-native security tooling, such as AWS GuardDuty, Azure Security Center, identity and access management policies, and network security controls, ensuring all services adhere to agreed-upon security standards and compliance requirements.
• • Collaborate with other teams to identify, extract, and promote reusable security libraries and toolsets, driving standardisation and efficiency across the entire organisation.
• • **CI/CD & Platform Engineering:**
• • Drive security improvements by making direct contributions to CI/CD pipelines and IaC repositories, ensuring these changes are version-controlled alongside application code for traceability and rollback capabilities.
• • Build, refine, and optimise pipelines that facilitate automated testing, secure deployment, and robust governance across diverse cloud environments.
• • Empower teams with the ability to continuously monitor, detect, and remediate vulnerabilities through the seamless integration of security tooling within their existing pipelines.
• • **Disaster Recovery & Operational Readiness:**
• • Contribute significantly to the uplift of our Disaster Recovery (DR) strategy by defining clear, consistent runbooks, developing automated recovery processes, and implementing wargaming tools to rigorously validate service resilience.
• • Ensure that all operational documentation is clear, concise, repeatable, and easily usable by both delivery and support teams, facilitating efficient incident response and business continuity.
• • **Collaboration & Delivery:**
• • Work in close partnership with product teams, architects, and infrastructure engineers to effectively socialise new security patterns, build security capability within teams, and embed security best practices from the outset of projects.
• • Prioritise security initiatives based on a thorough cybersecurity risk assessment, ensuring that the highest impact and most valuable improvements are delivered first.
• • Actively support knowledge sharing, provide coaching and mentorship, and champion the adoption of security best practices across all engineering teams.
• • **Impact:**
• • Your contributions will directly enhance the security posture of a major national digital screening platform, ensuring the consistency, resilience, and trustworthiness of dozens of critical public-facing services.
• • You will play a key role in shaping and defining secure engineering standards that will be adopted and implemented across multiple teams and diverse cloud environments, leaving a lasting positive impact on the organisation's security maturity.