DevSecOps Engineer

Key Responsibilities

• Work closely with Development, Cloud Engineering, and Product teams to embed security into cloud and application architectures.
• Provide guidance on secure design patterns and technical security recommendations.
• Support colleagues in understanding secure engineering principles and emerging threats.

• Enhance and maintain secure IaC using Terraform, ensuring compliance with internal policies and standards.
• Embed automated security checks into Azure DevOps CI/CD pipelines, including static analysis, dependency scanning, and IaC scanning.
• Ensure Kubernetes workloads follow best practices: RBAC, network policies, secrets management, image security, and ingress protections.
• Support secure configuration of Azure VMs hosting legacy or specialised products.

• Operate and enhance container vulnerability scanning
• Monitor CVEs relevant to Centellic’s stack and coordinate remediation activities with engineering teams. 
• Perform regular reviews of Terraform modules, container images, Helm charts, and AKS configurations to identify misconfigurations and risks.

• Work with monitoring tooling (e.g., Datadog or Azure Monitor) to detect anomalous or suspicious activity.
• Maintain alerting rules, dashboards, and security signals supporting rapid detection and response.
• Participate in incident response alongside the Principal Developer, Cloud Engineer and developers, including root‑cause analysis and post‑incident improvements.
• Contribute to 24/7 support rotations where required.

• Ensure infrastructure and deployments adhere to LBR policies, including identity management, least privilege, encryption, and network security requirements.
• Maintain and improve secrets management using Azure Key Vault and Kubernetes secrets best practices.
• Support audits, documentation requirements, and risk assessments.

• Stay current with cloud‑security trends, threats, tools, and techniques.
• Recommend and trial new technologies to enhance security, governance, automation, and efficiency.
• Proactively identify opportunities to strengthen security posture across AKS, VM workloads, network layers, and CI/CD processes.

Skills Knowledge and Expertise

• Strong ability to diagnose and resolve complex cloud and security issues across infrastructure, applications, and DevOps tooling.
• Ability to translate security requirements into practical engineering tasks.
• Clear communicator able to explain security concepts to non‑security stakeholders.
• Works calmly under pressure with strong time‑management skills.
• Curious, proactive, and able to independently identify improvements.

• Security best practices for Azure, including networking, RBAC, managed identities, logging, and monitoring.
• Kubernetes security: network policies, PodSecurityStandards, RBAC, image security, secrets, ingress security, and high‑availability configurations.
• Terraform and Terraform‑security concepts (policies, modules, scanning tools).
• Azure DevOps CI/CD, including YAML pipelines, secure build pipelines, artifact management, and release governance.
• Container technologies: container hardening, image optimisation, multi‑stage builds, secure base image selection.
• Trivy (or similar), dependency scanning, and SAST/DAST tools.
• Scripting with Python, Bash, or PowerShell for automation.
• Git and branching strategies with a security‑focused approach.
• Knowledge of WAF, API security, OWASP Top 10, and common cloud‑security frameworks.
• WAF rules management, including creation, tuning, and monitoring.
• SSL/TLS configuration best practices, certificate lifecycle management.
• Experience with Cloudflare security features including WAF, SSL, and Zero Trust options.

Benefits

• Eye care
• Employee Assistance Programme
• A day off for your birthday

• Pension (4% employer contribution and 4% employee contribution)

• Life assurance

• Cycle to work scheme
• Season ticket loan
• £350 annual wellbeing allowance to contribute to gym memberships or fitness classes
• Puregym access
• Perks at work platform access

• Private healthcare

• Company socials 
• Access to Employee Affinity Networks 
• Mentoring scheme 
• Volunteering Day 
• Mortgage Advice
• Work from anywhere (2 weeks)
• Generous parental leave