Senior DevSecOps Architect

Role Overview

• Define and document secure cloud and application architectures that meet business requirements and regulatory obligations (e.g., FedRAMP, NIST, DISA STIGs as applicable).
• Lead the design and implementation of automated CI/CD pipelines with integrated security controls (SAST, DAST, SCA, secret detection), infrastructure as code (IaC) scanning, and automated compliance checks.
• Architect and operate secure, scalable container and orchestration platforms (Kubernetes/OpenShift) and associated platform services (service mesh, ingress, observability, policy enforcement).
• Collaborate with developers to integrate secure coding practices, threat modelling, and runtime protection into the SDLC.
• Design and maintain automated monitoring, alerting, and incident response playbooks to detect and respond to security events across cloud and application layers.
• Develop IaC (Terraform, CloudFormation) patterns and reusable modules that enforce security guardrails and reduce configuration drift.
• Provide technical leadership on identity and access management, zero trust principles, secrets management, and key management solutions.
• Assess third-party and open-source components for security risk and define mitigation strategies for supply chain vulnerabilities.
• Partner with compliance, legal, and risk teams to support audits, evidence collection, and remediation efforts.
• Mentor and coach engineers and platform teams on DevSecOps best practices, tooling, and secure architecture patterns.

Requirements

• Bachelor’s degree in Computer Science, Cyber Security, or a related discipline, or equivalent practical experience.
• Proven track record (typically 10+ years) in cloud architecture, platform engineering, or security engineering roles, with demonstrable experience in DevSecOps practices.
• Strong experience with major cloud providers (AWS, Azure, or GCP) and native security controls and services.
• Hands-on expertise with CI/CD tooling (Jenkins, GitLab CI, GitHub Actions, etc.), containerisation (Docker), and orchestration (Kubernetes).
• Practical knowledge of security testing tools and techniques: SAST, DAST, SCA, container image scanning, IaC scanning, and dynamic runtime protection.
• Experience authoring and reviewing IaC (Terraform, CloudFormation) and applying automated policy-as-code (OPA, Sentinel, or similar).
• Strong scripting and automation skills (Python, Go, Bash, or similar) and experience building tooling to operationalise security controls.
• Excellent communication skills with the ability to translate security requirements into practical engineering solutions for diverse audiences.
• Relevant certifications such as CISSP, CISM, CCSP, AWS Certified Security – Specialty, or similar are advantageous.
• Experience with regulatory frameworks and assessments (FedRAMP, NIST 800-53, ISO 27001) in enterprise or government environments.
• Familiarity with service mesh, eBPF-based observability, runtime security (Falco, Falco-based policies), and policy engines (OPA/Gatekeeper).
• Background in secure software supply chain practices, SBOM generation, and mitigation of dependency vulnerabilities.
• Experience contributing to architecture reviews, threat modelling workshops, and security-focused design patterns across large programmes.

Tech Stack

• AWS
• Azure
• Cloud
• Cyber Security
• Docker
• Google Cloud Platform
• Jenkins
• Kubernetes
• OpenShift
• Python
• SDLC
• Terraform
• Go

Benefits

• Competitive base salary with performance-related bonus and incentives linked to technical and delivery outcomes.
• Flexible working arrangements, including hybrid/remote options to support a healthy work–life balance.
• Supportive and inclusive culture with investment in professional development, training, and mentorship opportunities.
• Opportunity to shape platform strategy, influence security standards, and progress into senior technical leadership roles.
• Work on high-impact secure cloud transformation engagements with public sector and commercial clients.