Summary: The DevSecOps Engineer role is a high-impact consulting position focused on enhancing security practices within engineering teams. The consultant will conduct maturity assessments, optimize pipelines, and foster a security-first culture while addressing tool noise and backlog issues. The ideal candidate will possess strong advisory skills and a deep understanding of security frameworks and practices. This position is hybrid and falls under inside IR35 regulations.
Key Responsibilities:
- Conduct an evidence-based audit against OWASP SAMM and NIST SSDF frameworks, translating findings into a prioritised 12-month risk-reduction roadmap.
- Tune tool signal-to-noise ratios (SAST, SCA, DAST, IaC), triage backlogs, suppress false positives, and refine CI/CD gates (GitHub Actions, Azure DevOps, or GitLab).
- Embed directly with engineering squads as a trusted advisory partner, attending stand-ups and running secure-coding clinics.
- Facilitate collaborative threat-modelling sessions during active design phases using STRIDE and MITRE ATT&CK.
Key Skills:
- Proven experience navigating complex client environments and managing stakeholders up to C-level.
- A career forged in cyber/application security.
- Technical fluency in code, Infrastructure-as-Code (Terraform, Ansible), and YAML pipelines.
- Practical application of OWASP SAMM, NIST SSDF, STRIDE, and MITRE ATT&CK.
- Strong grounding in securing cloud workloads (AWS or Azure) and environments (Docker, Kubernetes).
Salary (Rate): £680.00/daily
City: London
Country: United Kingdom
Working Arrangements: hybrid
IR35 Status: inside IR35
Seniority Level: undetermined
Industry: IT
Job Description DevSecOps Engineer Location: London (Hybrid) Engagement Type: Day Rate Contract (Inside IR35)
The Assignment This is a high-impact, tactical consulting role. Our client has security tooling in flightincluding Snyk, SonarQube, and automated pipelinesbut they need an consultant to make it land. Currently, they are battling tool noise, backlog fatigue, and pipeline friction that is stalling engineering velocity. We need a security-first practitioner with strong advisory and consulting experience to land, build immediate trust, run a maturity assessment, and engineer a practical "shift-left" model that enhances developer workflows rather than blocking them.
Key Responsibilities
- Maturity Assessment and Strategy: Conduct an evidence-based audit against OWASP SAMM and NIST SSDF frameworks, translating findings into a prioritised 12-month risk-reduction roadmap.
- Pipeline Optimisation: Tuned tool signal-to-noise ratios (SAST, SCA, DAST, IaC) aggressively. Triage backlogs, suppress false positives, and refine CI/CD gates (GitHub Actions, Azure DevOps, or GitLab) to protect engineering velocity.
- High-Touch Consulting and Coaching: Embed directly with engineering squads as a trusted advisory partner. Attend stand-ups, run secure-coding clinics, and cultivate a "security as an enabler" culture.
- Secure Design: Facilitate collaborative threat-modelling sessions during active design phases using STRIDE and MITRE ATT&CK.
What We're Looking For
- Consulting and Advisory Edge: Proven experience navigating complex client environments, managing stakeholders up to C-level, and translating highly technical risks into actionable business guidance.
- Security-First DNA: A career natively forged in cyber/application security, not a developer who casually pivoted into security.
- Fluent in Code and Pipelines: Technical fluency in code, Infrastructure-as-Code (Terraform, Ansible), and YAML pipelines to maintain immediate credibility with senior software engineers.
- Framework Mastery: Practical application of OWASP SAMM, NIST SSDF, STRIDE, and MITRE ATT&CK.
- Cloud and Containers: Strong grounding in securing cloud workloads (AWS or Azure) and environments (Docker, Kubernetes).
£600.00 - £680.00 / day Talent International UK and it's subsidiaries, Digital Gurus, Infinite Talent and Rethink act as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this opportunity, you accept the T&C's, Privacy Policy and Disclaimers which can be found at talentinternational.co.uk