DevSecOps Pentester

DevSecOps Pentester

Posted 1 day ago by Stott and May

Apply
£550 Per day
Inside
Hybrid
London, UK
Apply
Agile Methodology Amazon Web Services (AWS) Ansible Application Environments Application Programming Interface (API) Application Security Automation AWS Identity And Access Management (IAM) Azure Kubernetes Service Bash (Scripting Language) Cloud Computing Cloud Infrastructure Cloud Technology Continuous Integration and Continuous Delivery Design Elements And Principles DevOps DevSecOps Gitlab Google Cloud Platform (GCP) Infrastructure as Code (IaC) JIRA Kubernetes Management Microsoft Azure Open Web Application Security Project (OWASP) Penetration Testing Preparing Executive Summaries Secure Coding ServiceNow Software Coding Software Development Threat Modeling Web Applications Workflows

Summary: The role of DevSecOps Pentester involves conducting penetration tests and security assessments within a high-performing security team. The successful candidate will focus on integrating automated security tools into DevOps workflows and collaborating with developers to enhance security measures. This position requires a blend of hands-on testing, automation skills, and effective communication within agile environments. The contract is for 6 months, based in London with a hybrid working arrangement.

Key Responsibilities:

  • Integrate security practices and tooling into DevOps pipelines.
  • Perform penetration testing and security reviews on CI/CD pipelines, cloud, containers, and web/API applications.
  • Contribute to IaC automation, including ServiceNow integrations and AWS service catalogue automation.
  • Identify vulnerabilities during the design phase, applying threat modelling and secure design principles.
  • Deliver detailed reports, including executive summaries and technical findings, with actionable remediation advice.
  • Retest vulnerabilities and validate fixes.
  • Track and manage security issues via Jira workflows.
  • Advise on secure deployment, IAM, and secrets management practices.
  • Educate development and operations teams on emerging threats and best practices.

Key Skills:

  • Strong application security knowledge (OWASP Top 10, API security).
  • Manual penetration testing of modern web applications, APIs, and CI/CD pipelines.
  • Deep understanding of DevSecOps practices, secure SDLC, and threat modelling.
  • Hands-on experience automating security checks within CI/CD (Jenkins, GitLab, Ansible).
  • Knowledge of secure coding practices and common developer vulnerabilities.
  • Scripting skills for automation and testing (Python, Bash, Go).
  • Proficiency with cloud-native architectures (Docker, Kubernetes, IaC).
  • Experience securing cloud platforms (AWS, Azure, GCP).
  • Excellent communication and ability to work in agile teams.

Salary (Rate): £550 daily

City: London

Country: UK

Working Arrangements: hybrid

IR35 Status: inside IR35

Seniority Level: undetermined

Industry: IT

Detailed Description From Employer:

DevSecOps Pentester

Location: London (Hybrid - 2/3 days in office)
Contract Type: Contract (6 months)
Day Rate: 535 - 550 GBP (Inside IR35)
Start Date: ASAP

The Role

We are seeking an experienced DevSecOps Pentester to join a high-performing security team. The successful candidate will conduct penetration tests and security assessments across CI/CD pipelines, cloud infrastructure, and application environments. You will integrate automated security tools into DevOps workflows, identifying vulnerabilities before they reach production, and collaborate with developers and operations teams to enhance security posture.
This role requires a mix of hands-on penetration testing, automation expertise, and strong collaboration skills within agile environments.

Key Responsibilities

  • Integrate security practices and tooling into DevOps pipelines.
  • Perform penetration testing and security reviews on CI/CD pipelines, cloud, containers, and web/API applications.
  • Contribute to IaC automation, including ServiceNow integrations and AWS service catalogue automation.
  • Identify vulnerabilities during the design phase, applying threat modelling and secure design principles.
  • Deliver detailed reports, including executive summaries and technical findings, with actionable remediation advice.
  • Retest vulnerabilities and validate fixes.
  • Track and manage security issues via Jira workflows.
  • Advise on secure deployment, IAM, and secrets management practices.
  • Educate development and operations teams on emerging threats and best practices.

Essential Skills & Experience

  • Strong application security knowledge (OWASP Top 10, API security).
  • Manual penetration testing of modern web applications, APIs, and CI/CD pipelines.
  • Deep understanding of DevSecOps practices, secure SDLC, and threat modelling.
  • Hands-on experience automating security checks within CI/CD (Jenkins, GitLab, Ansible).
  • Knowledge of secure coding practices and common developer vulnerabilities.
  • Scripting skills for automation and testing (Python, Bash, Go).
  • Proficiency with cloud-native architectures (Docker, Kubernetes, IaC).
  • Experience securing cloud platforms (AWS, Azure, GCP).
  • Excellent communication and ability to work in agile teams.

Desirable Skills & Experience

  • Strong client engagement and reporting skills.
  • Proven use of modern security tooling in production environments.
  • Experience testing cloud and IaC misconfigurations.
  • Ability to document findings clearly and support remediation.
  • Relevant certifications (desirable but not required):
  • OSCP, OSWA, CRTO, GWAPT, GPEN, eWPT
  • Azure Security Engineer Associate/AWS Security Specialty
  • Kubernetes Security/DevSecOps certifications
Please email your CV to (see below) for immediate consideration.

Apply
Similar Jobs
Loading data...