Senior DevSecOps Engineer (Security Compliance specialist)


Overview
Senior DevSecOps Engineer (Security Compliance specialist) – Apolitical

Location: London, UK (2 days in office)
Visa sponsorship: UK national or visa holder preferred, but not a dealbreaker.
Background checks: Due to the nature of the work we do with global governments and partners, all employees need to pass background checks verifying your identity, education (if relevant), work history, sanctions, criminal record, adverse financial history and right to work.
Salary expectations: We aim for transparency on salary bands. If our range is misaligned with your expectations, we’d welcome an open conversation as early as possible.
Recruiters: We don’t need any agency support. Please do not get in contact.

Role
Apolitical is the global peer‑to‑peer platform for people transforming government. Our engineering team ships a modern, TypeScript‑first stack—Kubernetes on GKE, Helmfile‑driven releases, and GitHub Actions pipelines—serving public‑sector professionals in 170+ countries. We’re looking for a Senior DevOps Engineer who pairs operational excellence with a passion for security and data compliance. You’ll harden our infrastructure, steer us through ISO 27001 and GDPR audits, and make it effortless for product squads to ship secure code at speed. You’ll be our internal security‑minded DevOps authority—sharing ownership of the CI/CD tool‑chain, cloud infrastructure and compliance controls that keep our platform safe, fast and auditable.

Tasks and remit
Platform hardening – Maintain and evolve GKE + Helmfile deployments, Terraform modules and GitHub Actions workflows with security best practices baked in.
Compliance liaison – Partner with our Data Protection Officer to interpret regulatory requirements (ISO 27001, GDPR, DPAs) and translate them into technical controls, policies and run‑books.
Audit & pen‑test lead – Coordinate external auditors, manage evidence collection, track remediation tickets and present technical posture to stakeholders.
Threat & vulnerability management – Run container‑image scanning (Snyk) and dependency SBOM generation, and orchestrate patch cycles across clusters.
Incident readiness – Own on‑call playbooks, drill tabletop exercises and ensure logs/metrics/traces meet forensic standards.
Security advocacy – Mentor engineers on secure‑by‑default patterns; propose and deliver projects (e.g. cluster network policies, secrets rotation, OIDC federation) that raise our security bar.
This role is exciting if you’re eager to grow technically and professionally in a supportive, pragmatic team. You’ll be empowered to own code, propose improvements and understand how your work impacts our users. You will be:
An experienced DevOps/SRE with deep knowledge of container orchestration (Kubernetes) and infrastructure‑as‑code.
Fluent in CI/CD (GitHub Actions, Argo CD or similar) and observability tooling.
Comfortable mapping ISO 27001 controls to real‑world pipelines and cloud resources.
A clear communicator who can bridge product squads, external auditors and non‑technical stakeholders.
Not managing people—this is an individual‑contributor role with broad cross‑team influence.
Milestones
Timelines may vary depending on onboarding and support needs. Most team members are expected to achieve the following milestones:

Within one month
Ship your first secure Helmfile release to QA.
Complete an onboarding deep‑dive of the existing CI/CD, Terraform and security policies.
Shadow the DPO on open compliance items to build context.
Within three months
Lead the next quarterly vulnerability scan and deliver a remediation plan.
Introduce SBOM and container image scanning gates in GitHub Actions.
Publish an updated incident‑response runbook and run a tabletop drill.
Within six months
Own the technical track for the ISO 27001 surveillance audit—zero major non‑conformities.
Deliver at least two security posture projects (e.g. cluster network policies, secret rotation automation).
Define the long‑term security roadmap and a metrics dashboard consumed by leadership.
About you
This is a great fit if you…
Thrive at the intersection of DevOps and security, turning controls into code.
Have led (or heavily contributed to) at least one successful external compliance audit.
Enjoy mentoring engineers and championing a culture of "secure by default".
Are pragmatic—optimising for measurable risk reduction and developer velocity.
Let us know if you have…
Hands‑on GCP experience (GKE, Cloud SQL, IAM, Secret Manager).
Contributed to SRE practices (SLIs, SLOs, error budgets) or chaos engineering.
This likely won’t be the right role if you…
Prefer narrowly scoped, siloed security roles.
Are uncomfortable owning end‑to‑end delivery—from Terraform plan to audit evidence pack.
Seniority level
Mid-Senior level
Employment type
Full-time
Job function
Technology, Information and Internet
Location:
England, United Kingdom
Job Type:
FullTime