All Jobs Vacancy

DevSecOps Consultant

Posted 1 day ago by Talent International

Job Description: DevSecOps Engineer

  • Location: London (Hybrid)
  • Engagement Type: Day Rate Contract (Inside IR35)

The Assignment

This is a high-impact, tactical consulting role. Our client has security tooling in flight including Snyk, SonarQube, and automated pipelines but they need a consultant to make it land. Currently, they are battling tool noise, backlog fatigue, and pipeline friction that is stalling engineering velocity.

We need a security-first practitioner with strong advisory and consulting experience to land, build immediate trust, run a maturity assessment, and engineer a practical "shift-left" model that enhances developer workflows rather than blocking them.

Key Responsibilities

  • Maturity Assessment and Strategy: Conduct an evidence-based audit against OWASP SAMM and NIST SSDF frameworks, translating findings into a prioritised 12-month risk-reduction roadmap.
  • Pipeline Optimisation: Tuned tool signal-to-noise ratios (SAST, SCA, DAST, IaC) aggressively. Triage backlogs, suppress false positives, and refine CI/CD gates (GitHub Actions, Azure DevOps, or GitLab) to protect engineering velocity.
  • High-Touch Consulting and Coaching: Embed directly with engineering squads as a trusted advisory partner. Attend stand-ups, run secure-coding clinics, and cultivate a "security as an enabler" culture.
  • Secure Design: Facilitate collaborative threat-modelling sessions during active design phases using STRIDE and MITRE ATT&CK.

What We're Looking For

  • Consulting and Advisory Edge: Proven experience navigating complex client environments, managing stakeholders up to C-level, and translating highly technical risks into actionable business guidance.
  • Security-First DNA: A career natively forged in cyber/application security, not a developer who casually pivoted into security.
  • Fluent in Code and Pipelines: Technical fluency in code, Infrastructure-as-Code (Terraform, Ansible), and YAML pipelines to maintain immediate credibility with senior software engineers.
  • Framework Mastery: Practical application of OWASP SAMM, NIST SSDF, STRIDE, and MITRE ATT&CK.
  • Cloud and Containers: Strong grounding in securing cloud workloads (AWS or Azure) and environments (Docker, Kubernetes).
Rate:
£680/day
Location:
London
IR35 Status:
Inside
Remote Status:
Hybrid
Industry:
Cybersecurity
Seniority Level:
Not Specified

Take-Home Pay

£9,800 per month

Visit calculators for additional details

Create a free account to view the take-home pay for this contract

Share job