DevSecOps Engineer

Join Nordcloud and be part of the European cloud revolution. We supercharge our customers to innovate in hyperscaler cloud, enabling seamless migration, advanced security, and data-driven success.

Currently, we are looking for a Dev Sec Ops  Engineer to join our team in the UK.

We are seeking an experienced Dev Sec Ops  Engineer to help uplift and standardise the security posture across a large-scale public‑sector digital screening programme. The platform spans AWS and Azure, with 20+ cloud‑based services at varying stages of maturity. The goal is to create a coherent, consistent, and modern cybersecurity baseline across all products by embedding security into CI/CD, Infrastructure-as-Code (IaC), and operational processes.

You will work closely with product teams, infrastructure engineers, and delivery squads to embed security early ("shift‑left"), automate controls, and ensure consistent guardrails across the entire service portfolio.

• Implement and embed security controls throughout CI/CD pipelines, ensuring security is built‑in rather than bolted‑on.
• Enhance and maintain IaC (Terraform / ARM / Bicep / Cloud Formation) ensuring consistent, repeatable, and secure infrastructure deployments across AWS and Azure.
• Integrate automated security scanning (SAST/DAST/SCA), secrets management, policy enforcement, base image hardening, and runtime protection as part of the delivery workflow.

• Work with multi‑cloud services to design, implement, and maintain security patterns that can be applied consistently across the portfolio.
• Configure cloud‑native security tooling (e.g., guardrails, identity policies, network controls) and ensure all services meet agreed security standards.
• Collaborate on extracting reusable libraries and toolsets to drive standardisation across teams.

• Deliver security improvements through changes to CI/CD and IaC repositories, version controlled alongside application code.
• Build and refine pipelines that support automated testing, deployment, and governance across cloud environments.
• Ensure teams can continuously monitor, detect, and remediate vulnerabilities through integrated pipeline tooling.

• Contribute to DR strategy uplift by defining consistent runbooks, automated processes, and wargaming tools to validate resilience across services.
• Ensure operational documentation is clear, repeatable, and usable by delivery and support teams.

• Work hand‑in‑glove with product teams, architects, and infrastructure engineers to socialise patterns, build capability, and embed practices early.
• Prioritise work based on an existing cybersecurity risk assessment, ensuring high‑value improvements are delivered first.
• Support knowledge sharing, coaching, and embedding of security best practices across engineering teams.

• Strong background in Dev Sec Ops principles including shift‑left security, automated testing, secure SDLC, and cloud‑native security engineering.
• Hands‑on experience with AWS and Azure cloud environments.
• Experience designing secure and scalable architectures, CI/CD pipelines, and infrastructure automation.
• Proficiency with IaC tools such as Terraform, ARM, Bicep, Cloud Formation
  .
• Experience integrating security tools into CI/CD (SAST, DAST, dependency scanning, secrets scanning, container scanning).
• Familiarity with container orchestration and security (Kubernetes/AKS/EKS).
• Strong understanding of identity, access, network, and policy enforcement across cloud platforms.
• Ability to document runbooks, DR processes, and operational guidance.
• Excellent stakeholder engagement skills across engineering, operations, and delivery teams
• MUST BE ELIGIBLE FOR SC CLEARANCE

• Experience contributing to or maintaining shared libraries or open‑source tooling.
• Knowledge of audit, compliance, and security frameworks.
• Experience in large public‑sector or regulated environments.

Your work will directly strengthen the security posture of a major national digital screening platform, ensuring…