Summary: The role of DevSecOps Engineer is a tactical consulting position focused on enhancing security practices within engineering teams. The consultant will address challenges related to security tooling and engineering velocity by conducting assessments and optimizing pipelines. The ideal candidate will possess strong advisory skills and a deep understanding of security frameworks to foster a culture of security as an enabler. This position requires a hands-on approach to embed within engineering squads and drive effective security practices.
Salary (Rate): £680.00/day
City: London
Country: UK
Working Arrangements: hybrid
IR35 Status: inside IR35
Seniority Level: undetermined
Industry: IT
Job Description:
DevSecOps Engineer
- Location: London (Hybrid)
- Engagement Type: Day Rate Contract (Inside IR35)
The Assignment
This is a high-impact, tactical consulting role. Our client has security tooling in flight, including Snyk, SonarQube, and automated pipelines, but they need a consultant to make it land. Currently, they are battling tool noise, backlog fatigue, and pipeline friction that is stalling engineering velocity.
We need a security-first practitioner with strong advisory and consulting experience to land, build immediate trust, run a maturity assessment, and engineer a practical "shift-left" model that enhances developer workflows rather than blocking them.
Key Responsibilities
- Maturity Assessment and Strategy: Conduct an evidence-based audit against OWASP SAMM and NIST SSDF frameworks, translating findings into a prioritised 12-month risk-reduction roadmap.
- Pipeline Optimisation: Aggressively tune tool signal-to-noise ratios (SAST, SCA, DAST, IaC). Triage backlogs, suppress false positives, and refine CI/CD gates (GitHub Actions, Azure DevOps, or GitLab) to protect engineering velocity.
- High-Touch Consulting and Coaching: Embed directly with engineering squads as a trusted advisory partner. Attend stand-ups, run secure-coding clinics, and cultivate a "security as an enabler" culture.
- Secure Design: Facilitate collaborative threat-modelling sessions during active design phases using STRIDE and MITRE ATT&CK.
What We're Looking For
- Consulting and Advisory Edge: Proven experience navigating complex client environments, managing stakeholders up to C-level, and translating highly technical risks into actionable business guidance.
- Security-First DNA: A career natively forged in cyber/application security, not a developer who casually pivoted into security.
- Fluent in Code and Pipelines: Technical fluency in code, Infrastructure-as-Code (Terraform, Ansible), and YAML pipelines to maintain immediate credibility with senior software engineers.
- Framework Mastery: Practical application of OWASP SAMM, NIST SSDF, STRIDE, and MITRE ATT&CK.
- Cloud and Containers: Strong grounding in securing cloud workloads (AWS or Azure) and environments (Docker, Kubernetes).
£600.00 - £680.00/day
Talent International UK and its subsidiaries, Digital Gurus, Infinite Talent and Rethink, act as an employment agency for permanent recruitment and an employment business for the supply of temporary workers. By applying for this opportunity, you accept the T&Cs, Privacy Policy and Disclaimers which can be found on our website.