Role : DevSecOps lead

Location :London

Duration: Contract

We are seeking a highly experienced DevSecOps & IaC Lead to drive enterprise-wide DevSecOps transformation and Infrastructure‑as‑Code implementation during the migration of large-scale on‑prem systems to AWS cloud. This role requires deep expertise across CI/CD pipelines, security automation, cloud-native DevOps tooling, third-party DevSecOps platforms, and large-scale IaC governance.
The ideal candidate will lead cross-functional engineering teams, define DevSecOps strategy, enforce secure-by-design principles, and ensure seamless DevSecOps operations across hybrid and cloud environments.

Key Responsibilities

1. DevSecOps Strategy & Cloud Migration Leadership

• Lead the DevSecOps transformation for applications and platforms migrating from on‑prem to AWS.
• Build a roadmap for CI/CD modernization, security automation, and cloud-ready pipelines.
• Ensure DevSecOps practices support lift & shift, replatforming, containerization, and modernization migration patterns.
• Collaborate with cloud, application, SRE, and security teams to ensure DevSecOps maturity improves during and after migration.

2. Infrastructure‑as‑Code (IaC) Architecture & Governance

• Define enterprise IaC standards using tools such as Terraform, CloudFormation, CDK, Ansible, and GitOps practices.
• Lead IaC implementation for AWS landing zones, networking, security, containers, and application infrastructure.
• Establish modular IaC patterns, reusable blueprints, guardrails, and governance frameworks.
• Drive full lifecycle IaC adoption: provisioning → configuration → drift control → compliance.

3. Cloud‑Native & Third‑Party DevSecOps Tooling Integration

• Architect and integrate DevSecOps toolchains across cloud and on‑prem ecosystems, including: 
  • CI/CD: GitHub Actions, GitLab, Jenkins, Azure DevOps
  • Security: Snyk, Checkmarx, SonarQube, Prisma Cloud, Aqua, Twistlock
  • Containers: EKS, ECS, ECR, Helm, ArgoCD, Flux
  • Secrets & identity: AWS Secrets Manager, HashiCorp Vault
  • Compliance: AWS Security Hub, GuardDuty, OPA/Conftest, Checkov
• Ensure deep integration between security scanning, artifact repositories, code quality, and deployment automation.

4. Security Automation & Shift‑Left Enablement

• Implement “security-by-default” and “shift-left” practices across the software lifecycle.
• Automate: 
  • SAST/DAST
  • Dependency & container image scanning
  • Policy-as-code (Rego/OPA)
  • Secrets scanning
  • Infrastructure compliance
• Establish secure CI/CD pipeline patterns covering application, container, and infrastructure layers.

5. Observability, Reliability & DevOps Excellence

• Partner with SRE, platform, and cloud teams to embed monitoring, logging, tracing, and auditability into pipelines.
• Implement automated quality gates, blue‑green/canary deployments, and progressive delivery strategies.
• Standardize operational best practices through automation, runbooks, and deployment frameworks.

6. Governance, Risk, Automation & Compliance

• Ensure all DevSecOps and IaC pipelines comply with enterprise security, audit, and regulatory requirements.
• Define DevSecOps maturity KPIs (deployment frequency, MTTR, security findings, drift metrics).
• Build automated governance controls for release management, security enforcement, and compliance checks.
• Drive adoption of secure cloud operating models across all stakeholders.

7. Leadership & Stakeholder Management

• Lead cross-functional DevSecOps squads and mentor engineers on DevSecOps, IaC, and cloud automation practices.
• Work with program managers to ensure DevSecOps readiness across all migration waves.
• Communicate progress, risks, and technical decisions to senior leadership and architecture boards.
• Provide strategic input on enterprise cloud engineering standards and transformation roadmap.

Required Skills & Experience

Technical Expertise

• 14+ years of experience in DevOps, platform engineering, cloud automation, or infrastructure engineering.
• Strong hands-on experience with AWS cloud services, CI/CD, IaC, and security automation.
• Expertise in: 
  • Terraform, CloudFormation, CDK, Ansible
  • Docker, Kubernetes, EKS/ECS, Helm, GitOps
  • GitHub/GitLab/Azure DevOps/Jenkins pipelines
  • Security tools: Snyk, Checkmarx, SonarQube, Prisma Cloud, Vault
  • Logging/observability platforms (CloudWatch, ELK, Datadog)

Security & Compliance Skills

• Strong understanding of cloud security principles: IAM, KMS, encryption, zero trust, least privilege.
• Experience implementing policy-as-code and pipeline security controls.
• Understanding of CIS benchmarks, NIST, ISO27001, compliance frameworks.

Cloud Migration Skills

• Direct experience supporting large-scale on‑prem to AWS migrations.
• Strong understanding of migration waves, application onboarding, and pipeline modernization.

Soft Skills & Leadership

• Excellent communication and architectural documentation abilities.
• Experience leading multi-disciplinary teams across dev, infra, cloud, and security domains.
• Ability to influence architects, executives, developers, and operations teams.

Preferred Qualifications

• AWS DevOps Engineer – Professional
• AWS Solutions Architect – Associate/Professional
• HashiCorp Terraform Certification
• Kubernetes certifications (CKAD, CKA, CKS)
• DevSecOps or SRE certifications (nice-to-have)

Success Metrics

• Fully automated, secure CI/CD pipelines across all migration phases
• Enterprise-wide IaC adoption with strong governance and consistency
• Reduction in security vulnerabilities and pipeline defects
• Faster cloud onboarding and deployment times
• Improved security posture and operational reliability post‑migration