Senior DevSecOps Engineer (Security Compliance specialist) (Remote UK)

Overview

This role is for a Senior DevSecOps Engineer focused on security compliance. You’ll work with a modern, TypeScript‑first stack—Kubernetes on GKE, Helmfile‑driven releases, and GitHub Actions pipelines—serving public‑sector professionals in 170+ countries. You’ll harden infrastructure, steer ISO 27001 and GDPR audits, and enable product squads to ship secure code at speed.

You’ll be our internal security‑minded DevOps authority—sharing ownership of the CI/CD tool‑chain, cloud infrastructure and compliance controls that keep our platform safe, fast and auditable.

Role

Apolitical is the global peer‑to‑peer platform for people transforming government. We are looking for a Senior DevSecOps Engineer who combines operational excellence with a passion for security and data compliance.

Tasks and remit

- Platform hardening – Maintain and evolve GKE + Helmfile deployments, Terraform modules and GitHub Actions workflows with security best practices baked in.
- Compliance liaison – Partner with our Data Protection Officer to interpret regulatory requirements (ISO 27001, GDPR, DPAs) and translate them into technical controls, policies and run‑books.
- Audit & pen‑test lead – Coordinate external auditors, manage evidence collection, track remediation tickets and present technical posture to stakeholders.
- Threat & vulnerability management – Run container‑image scanning (Snyk) and dependency SBOM generation, and orchestrate patch cycles across clusters.
- Incident readiness – Own on‑call playbooks, drill tabletop exercises, and ensure logs, metrics and traces meet forensic standards.
- Security advocacy – Mentor engineers on secure‑by‑default patterns; propose and deliver projects that raise our security bar (e.g. cluster network policies, secrets rotation, OIDC federation).

This role is exciting if you’re eager to grow technically and professionally in a supportive, pragmatic team. You’ll be empowered to own code, propose improvements and understand how your work impacts our users.

You will be:

- An experienced DevOps/SRE with deep knowledge of container orchestration (Kubernetes) and infrastructure‑as‑code.
- Fluent in CI/CD (GitHub Actions, Argo CD or similar) and observability tooling.
- Comfortable mapping ISO 27001 controls to real‑world pipelines and cloud resources.
- A clear communicator who can bridge product squads, external auditors and non‑technical stakeholders.

You will not be managing people—this is an individual‑contributor role with broad cross‑team influence.

Timelines and milestones

Timelines may vary depending on onboarding and support needs. Most team members achieve the following milestones:

Within one month

- Ship your first secure Helmfile release to QA.
- Complete an onboarding deep‑dive of the existing CI/CD, Terraform and security policies.
- Shadow the DPO on open compliance items to build context.

Within three months

- Lead the next quarterly vulnerability scan and deliver a remediation plan.
- Introduce SBOM and container image scanning gates to GitHub Actions.
- Publish an updated incident‑response runbook and run a tabletop drill.

Within six months

- Own the technical track for the ISO 27001 surveillance audit—zero major non‑conformities.
- Deliver at least two security posture projects (e.g. cluster network policies, secret rotation automation).
- Define a long‑term security roadmap and a metrics dashboard consumed by leadership.

About you

This is a great fit if you…

- Thrive at the intersection of DevOps and security, turning controls into code.
- Have led (or heavily contributed to) at least one successful external compliance audit.
- Enjoy mentoring engineers and championing a culture of "secure by default".
- Are pragmatic—optimising for measurable risk reduction and developer velocity.

Let us know if you have…

- Hands‑on GCP experience (GKE, Cloud SQL, IAM, Secret Manager).
- Contributed to SRE practices (SLIs, SLOs, error budgets) or chaos engineering.

This likely won’t be the right role if you…

- Prefer narrowly scoped, siloed security roles.
- Are uncomfortable owning end‑to‑end delivery—from Terraform plan to audit evidence pack.

We are committed to diversity and inclusion. If your past experience doesn’t align perfectly with every qualification, you are encouraged to apply anyway—you may be the right candidate for this or other roles.

Seniority level: Mid-Senior level
Employment type: Full-time
Job function: Technology, Information and Internet
Location:
United Kingdom
Job Type:
FullTime