DevSecOps Engineer

Responsibilities

DevSecOps & Security Engineering

• Embed security-by-default across the SDLC (shift-left testing, secure configurations, vulnerability scanning)

• Own IAM, RBAC, SSO/SAML, and access governance across all platform environments

• Ensure compliance with ISO 27001, SOC 2, NCSC guidelines, Cyber Essentials, and related frameworks

• Provide hands-on guidance to engineering teams and drive secure development practices

Platform Engineering & Cloud Architecture

• Own multi-cloud architecture across AWS (primary), Azure, and GCP

• Manage Kubernetes workloads and serverless architecture (AWS Lambda)

• Lead infrastructure-as-code using Terraform to ensure consistency and scalability

• Contribute to platform-level scalability, resilience, and performance decisions

• Support Windows Server and Azure environments, integrating with identity systems

CI/CD, Automation & Developer Experience

• Own and evolve CI/CD pipelines across Jenkins, GitLab CI, and Azure DevOps

• Drive automation of deployments, testing, and provisioning

• Improve developer experience through faster, more reliable, secure delivery

Reliability, Observability & Incident Management

• Own monitoring and observability using tools like Prometheus, Grafana, Splunk (or equivalents)

• Define and manage SLIs/SLOs

• Lead incident response, root cause analysis, and prevention strategies

• Proactively identify and mitigate reliability and performance risks

Experience and Skills Needed

• Strong hands-on experience in AWS cloud architecture

• Experience implementing DevSecOps practices across the SDLC

• Experience with IAM, RBAC, SSO/SAML, and modern security tooling

• Expertise in building and managing CI/CD pipelines at scale (e.g., GitLab CI, Jenkins, Snyk, SonarQube, Lacework/FortiCNAPP)

• Proficiency in Bash and Python scripting for automation

• Strong Kubernetes experience (cluster management, containerised delivery at scale)

• Experience with observability, monitoring, and incident management (Grafana, Sentry, Darktrace, SLIs/SLOs)

• Experience leveraging AI tooling to improve engineering workflows and delivery

What Success Looks Like

• Security is embedded early, reducing vulnerabilities reaching production

• Compliance standards consistently met with no major audit findings

• Cloud environments are reliable, scalable, and aligned with IaC standards

• CI/CD pipelines are stable, trusted, and improving delivery performance

• Automation meaningfully reduces manual effort across engineering

• Incidents are detected early and resolved at root cause

• Monitoring and alerting are trusted and actionable across teams

Interview Process

• Online interview with the Senior Talent Advisor

• Technical interview with the Director of Engineering and the Director of IT & Cybersecurity

• Introduction to the CPTO

Diversity & Inclusion

At Perkbox, we are committed to being an inclusive employer and creating a fair workplace for all. We encourage applications from candidates across all backgrounds, circumstances, ages, disabilities, ethnicities, religions or beliefs, gender identities, or sexual orientations. We are happy to offer reasonable adjustments during our hiring process. Just let us know, and we'll make it work for you.

Your comfort and success matter to us!