DevSecOps Engineering Lead CGEMJP

Role Title: DevSecOps Engineering Lead

Duration: contract to run until 31/03/2027

Location: Hybrid role, predominantly remote, with some travel to Client sites (estimated average 1 day per week to London and/or Bristol/Bath; occasionally more during specific delivery phases).

Rate: up to £690 p/d Umbrella inside IR35

Clearance required: SC Clearance Eligibility is essential

Role purpose/summary

We are seeking an experienced, client-facing Lead DevSecOps Engineer to drive and coordinate DevSecOps practices across multiple digital products delivered as part of a wider CLIENT business and digital transformation programme, where Capgemini is the client's prime Digital Delivery Partner. Products will be deployed across the CLIENT digital estate (CLIENTCloud), including CLIENT's instances of Microsoft Azure (CLIENTCloud ACE/i-ACE), AWS (CLIENTCloud ICE) and Oracle Cloud Infrastructure (OCI/CLIENTCloud OCE).

You will embed security, compliance and automation into the software delivery life cycle, ensuring platforms and applications meet stringent security and operational standards. You will also establish consistent, documented processes used by DevSecOps engineers across each environment, including a coordinated approach for releasing updates across the integrated set of products and platforms in scope.

This role requires deep expertise in CI/CD pipelines, delivery workflows and security tooling across these cloud environments, alongside strong collaboration with developers, DevSecOps engineers, infrastructure engineers and test teams.

Key Responsibilities

• Design, implement, document and continuously improve DevSecOps practices across the delivery teams, including:
• Secure, automated CI/CD pipelines
• Security scanning integrated into build, test and deployment workflows
• Vulnerability life cycle management, including allowlist processes and risk acceptance where required
• Secrets management and identity/access management
• Policy enforcement for workloads, container images and infrastructure
• Observability, monitoring, logging and audit controls
• Partner with developers to embed secure-by-design engineering and ensure compliance with CLIENT security standards.
• Enable and govern Infrastructure as Code (IaC) practices across teams and environments.
• Contribute to incident response, patching cycles and compliance reporting, ensuring lessons learned are captured and actions tracked.
• Document security processes, controls and operational runbooks in Confluence.

Key Skills and Experience

Essential

• Proven experience as a DevSecOps Lead, establishing and operating DevSecOps ways of working and associated tooling across the following areas (hands-on and leading others):
• CI/CD and GitOps (eg GitHub Actions, Argo CD, Argo Rollouts)
• Security and compliance tooling (eg Trivy scanning and vulnerability management, HashiCorp Vault, cert-manager)
• Containers and orchestration (eg Docker, AWS EKS)
• Infrastructure as Code (eg Terraform)
• Observability (eg Grafana, Loki)
• Scripting and automation (eg Python, Bash)
• Cloud and networking fundamentals (eg AWS IAM, S3, network policies)
• Experience delivering within the UK Government Digital Service (GDS) life cycle on a public sector engagement.
• Experience working with and leading distributed and hybrid teams.
• Demonstrated ability to work across cross-functional teams, particularly with developers, testers and DevSecOps engineers.
• Strong facilitation, communication and stakeholder management skills, with experience influencing at multiple levels.

Highly Desirable

• Experience leading DevSecOps engineering for products hosted on the CLIENT digital estate, spanning Microsoft Azure (CLIENTCloud ACE/i-ACE), AWS (CLIENTCloud ICE) and Oracle Cloud Infrastructure (OCI/CLIENTCloud OCE).

All profiles will be reviewed against the required skills and experience. Due to the high number of applications we will only be able to respond to successful applicants in the first instance. We thank you for your interest and the time taken to apply!

If you receive suspicious outreach claiming to be from us, please contact us via the ManpowerGroup website.