This range is provided by Digital Waffle. Your actual pay will be based on your skills and experience — talk with your recruiter to learn more.

Base pay range

Direct message the job poster from Digital Waffle

About the Role

Job Title: DevSecOps Engineer

Location: Nottingham, UK (80% Remote)

We are looking for a DevSecOps Engineer to take a leading role in strengthening our security posture and protecting our technology platforms against evolving cyber threats. This is a high-impact role within the Technical Operations team, where you’ll be responsible for shaping security operations, driving incident response, and embedding security into every layer of our infrastructure and development practices.

Key Skills

• Monitoring - DataDog (alternative accepted)
• IaC - Terraform
• CI/CD - GitHub or Azure DevOps
• Azure security tools
• Vulnerability assessments

What You’ll Do

• Act as the lead contact for security incidents, driving investigations through to resolution.
• Design, implement, and manage security controls across applications and infrastructure.
• Develop and maintain an effective incident response plan, leading post-incident reviews and improvements.
• Partner with engineering and operations teams to integrate security practices into DevOps pipelines.
• Manage and optimise security monitoring tools to ensure real-time visibility and rapid response.
• Conduct threat and vulnerability assessments, applying effective mitigation strategies.
• Provide mentorship and knowledge sharing within the wider security and technical teams.
• Keep ahead of emerging threats and trends, recommending proactive improvements to tools and processes.

Key Skills & Experience

• Strong background in security operations across cloud and on-premises environments.
• Hands-on experience with monitoring and observability platforms, ideally Datadog.
• Solid understanding of Azure cloud security tools and best practices.
• Proficiency with Infrastructure as Code (Terraform preferred).
• Familiarity with security monitoring tools (e.g. SIEM, IDS/IPS) and incident response frameworks.
• Strong knowledge of security frameworks and standards such as NIST, ISO 27001, and CIS.
• Scripting and automation experience to improve security processes.
• Excellent communication skills, with the ability to simplify complex technical issues for a range of audiences. Familiarity with CI/CD security tooling and static code analysis.

Nice to Have

• Experience implementing security testing frameworks in high-volume environments.
• Exposure to external audits and certification processes.
• Experience using GitHub with knowledge of branching and merging strategies.

Seniority level

• Mid-Senior level

Employment type

• Full-time

Job function

• Information Technology
• Industries: Technology, Information and Media, Software Development, and IT System Custom Software Development

Referrals increase your chances of interviewing at Digital Waffle.