SC Cleared DevSecOps Engineer

I'm supporting a defence-focused start-up in their search for for a Cloud Security Engineer with a focus on DevSecOps and application security to embed security directly into their engineering and delivery pipelines.

Role: SC Cleared DevSecOps Engineer (Azure)

Location: West Midlands (1-3 days / week on-site)

• Integrate security controls and scanning into CI/CD pipelines
• Improve software supply chain security and dependency management
• Review and secure pipelines, repositories, and build processes
• Define and enforce branch protection, approvals, and release controls
• Drive pipeline hardening and secure configuration practices
• Support adoption of a secure SDLC across engineering teams
• Implement code, dependency, and IaC scanning with policy integration
• Embed security requirements into platform and application delivery
• Support secure design for new services in collaboration with architects
• Partner with engineering to deliver secure-by-design solutions
• Contribute to incident response, including investigation and triage
• Improve detection and logging across application and pipeline layers
• Contribute to automation and repeatable security practices

• Experience with DevSecOps / application security in Azure environments
• Strong understanding of CI/CD pipelines and security controls
• Knowledge of secure SDLC practices
• Experience with code scanning, dependency scanning, and IaC security
• Familiarity with secrets management in pipelines
• Understanding of modern software supply chain risks
• Ability to work closely with developers and provide practical security guidance
• Pragmatic, delivery-focused approach to security