Summary: The role of DevSecOps Engineering Lead involves driving and coordinating DevSecOps practices across multiple digital products for the MOD, ensuring security and compliance throughout the software delivery life cycle. The position requires collaboration with various teams and the establishment of consistent processes for DevSecOps engineers. The candidate will also be responsible for embedding security into CI/CD pipelines and managing vulnerability life cycles. This role is critical in supporting the MOD's digital transformation programme as the prime Digital Delivery Partner.
Key Responsibilities:
- Design, implement, document and continuously improve DevSecOps practices across delivery teams.
- Establish secure, automated CI/CD pipelines and integrate security scanning into workflows.
- Manage vulnerability life cycles, secrets management, and policy enforcement for workloads.
- Partner with developers to ensure compliance with MOD security standards.
- Govern Infrastructure as Code (IaC) practices across teams.
- Contribute to incident response, patching cycles, and compliance reporting.
- Document security processes and operational runbooks in Confluence.
Key Skills:
- Proven experience as a DevSecOps Lead with hands-on expertise in CI/CD and GitOps.
- Familiarity with security and compliance tooling, containers, and orchestration.
- Experience with Infrastructure as Code (Terraform) and observability tools.
- Strong scripting and automation skills (Python, Bash).
- Understanding of cloud and networking fundamentals.
- Experience with UK Government Digital Service (GDS) life cycle.
- Strong facilitation, communication, and stakeholder management skills.
Salary (Rate): £671.25/day
City: Bristol
Country: UK
Working Arrangements: hybrid
IR35 Status: inside IR35
Seniority Level: Senior
Industry: IT
DevSecOps Engineering Lead
Clearance required: MOD SC
Location: Hybrid
Sector: Public
IR35 Status: PAYE via Umbrella company only
Job Description:
We are seeking an experienced, client-facing Lead DevSecOps Engineer to drive and coordinate DevSecOps practices across multiple digital products delivered as part of a wider MOD business and digital transformation programme, where Capgemini is the client's prime Digital Delivery Partner. Products will be deployed across the MOD digital estate (MODCloud), including MOD's instances of Microsoft Azure (MODCloud ACE/i-ACE), AWS (MODCloud ICE) and Oracle Cloud Infrastructure (OCI/MODCloud OCE).
You will embed security, compliance and automation into the software delivery life cycle, ensuring platforms and applications meet stringent security and operational standards. You will also establish consistent, documented processes used by DevSecOps engineers across each environment, including a coordinated approach for releasing updates across the integrated set of products and platforms in scope.
This role requires deep expertise in CI/CD pipelines, delivery workflows and security tooling across these cloud environments, alongside strong collaboration with developers, DevSecOps engineers, infrastructure engineers and test teams.
Key Responsibilities
Design, implement, document and continuously improve DevSecOps practices across the delivery teams, including:
o Secure, automated CI/CD pipelines
o Security scanning integrated into build, test and deployment workflows
o Vulnerability life cycle management, including allowlist processes and risk acceptance where required
o Secrets management and identity/access management
o Policy enforcement for workloads, container images and infrastructure
o Observability, monitoring, logging and audit controls
Partner with developers to embed secure-by-design engineering and ensure compliance with MOD security standards.
Enable and govern Infrastructure as Code (IaC) practices across teams and environments.
Contribute to incident response, patching cycles and compliance reporting, ensuring lessons learned are captured and actions tracked.
Document security processes, controls and operational runbooks in Confluence.
Key Skills and Experience
Essential
Proven experience as a DevSecOps Lead, establishing and operating DevSecOps ways of working and associated tooling across the following areas (hands-on and leading others):
o CI/CD and GitOps (eg GitHub Actions, Argo CD, Argo Rollouts)
o Security and compliance tooling (eg Trivy scanning and vulnerability management, HashiCorp Vault, cert-manager)
o Containers and orchestration (eg Docker, AWS EKS)
o Infrastructure as Code (eg Terraform)
o Observability (eg Grafana, Loki)
o Scripting and automation (eg Python, Bash)
o Cloud and networking fundamentals (eg AWS IAM, S3, network policies)
Experience delivering within the UK Government Digital Service (GDS) life cycle on a public sector engagement.
Experience working with and leading distributed and hybrid teams.
Demonstrated ability to work across cross-functional teams, particularly with developers, testers and DevSecOps engineers.
Strong facilitation, communication and stakeholder management skills, with experience influencing at multiple levels.
Highly Desirable
Experience leading DevSecOps engineering for products hosted on the MOD digital estate, spanning Microsoft Azure (MODCloud ACE/i-ACE), AWS (MODCloud ICE) and Oracle Cloud Infrastructure (OCI/MODCloud OCE).
Clearance:
MOD SC (minimum BPSS to start; must be eligible to apply for MOD SC).