Cross Programme DevSecOps Engineering Lead
Start date: ASAP
Duration: 31/03/2027
Rate: Flexible inside IR35 (DOE)
Location: Remote with visits to Bristol and London for events or team meetings
Clearance required: MOD SC preferred; already SC cleared

Job Description
We are seeking an experienced, client-facing Lead DevSecOps Engineer to drive and coordinate DevSecOps practices across multiple digital products delivered as part of a wider MOD business and digital transformation programme, where our client is the Digital Delivery Partner.

Products will be deployed across the MOD digital estate, including MODCloud ACE / i-ACE, MODCloud ICE and MODCloud OCE. The role will embed security, compliance and automation into the software delivery lifecycle, ensuring platforms and applications meet stringent security and operational standards.
You will establish consistent, documented processes used by DevSecOps engineers across each environment, including a coordinated approach for releasing updates across the integrated set of products and platforms in scope.

Key Responsibilities

• Design, implement, document and continuously improve DevSecOps practices across delivery teams.
• Build and govern secure, automated CI/CD pipelines.
• Integrate security scanning into build, test and deployment workflows.
• Manage vulnerability lifecycles, including allowlist processes and risk acceptance where required.
• Oversee secrets management and identity/access management.
• Enforce policy controls for workloads, container images and infrastructure.
• Support observability, monitoring, logging and audit controls.
• Partner with developers to embed secure-by-design engineering and ensure compliance with MOD security standards.
• Enable and govern Infrastructure as Code practices across teams and environments.
• Contribute to incident response, patching cycles and compliance reporting, ensuring lessons learned are captured and actions tracked.
• Document security processes, controls and operational runbooks in Confluence.

Key Skills and Experience
Essential

• Proven experience as a DevSecOps Lead, including hands-on delivery and leading others.
• Strong experience with CI/CD and GitOps, such as GitHub Actions, Argo CD and Argo Rollouts.
• Experience with security and compliance tooling, including Trivy scanning, vulnerability management, HashiCorp Vault and cert-manager.
• Container and orchestration experience, including Docker and AWS EKS.
• Infrastructure as Code experience, particularly Terraform.
• Observability experience, including Grafana and Loki.
• Scripting and automation experience, including Python and Bash.
• Cloud and networking fundamentals, including AWS IAM, S3 and network policies.
• Experience delivering within the UK Government Digital Service lifecycle on a public sector engagement.
• Experience working with and leading distributed and hybrid teams.
• Ability to work across cross-functional teams, particularly developers, testers and DevSecOps engineers.
• Strong facilitation, communication and stakeholder management skills, with experience influencing at multiple levels.

Highly Desirable

• Experience leading DevSecOps engineering for products hosted on the MOD digital estate.
• Experience spanning Microsoft Azure MODCloud ACE / i-ACE, AWS MODCloud ICE and Oracle Cloud Infrastructure MODCloud OCE.
  
  

Clearance
MOD SC is required. Minimum BPSS may be acceptable to start, but you must be eligible to apply for MOD SC.

Travel
Predominantly remote role, with some travel to client sites. Travel is estimated at an average of one day per week to London and/or Bristol/Bath, with occasional additional travel during specific delivery phases.