DevSecOps Engineer

Posted 6 hours 22 minutes ago by Arcus Search

Permanent
Full Time
Other
Moray, Dallas, United Kingdom, IV362
Job Description

Job type: Contract (W2)
Duration: 12 months (scope for extension)
Location: Dallas (hybrid)

The role

We believe that security should be an enabler, not a blocker, which is why we're building systems that empower developers to move fast and build securely. Our DevSecOps team plays a central role in this mission and we're looking for a DevSecOps Engineer to help us go further. In this role, you will secure our software supply chain, embed AppSec into our CI/CD pipelines and partner with engineering teams to drive smart, secure decisions earlier in the SDLC. As a DevSecOps Engineer, you will work at the intersection of security and engineering, embedding tools and processes to detect risk early and automate the right responses. This is a hands-on role, focused on driving adoption of modern AppSec tooling, triaging real-world vulnerabilities and creating fast, developer-friendly feedback loops.

Who are we looking for?

The ideal candidate will have the following skills and experience:

  • Solid experience securing CI/CD pipelines and integrating AppSec tooling using platforms such as GitLab CI, Jenkins and GitHub Actions
  • Working knowledge of SAST, SCA and DAST principles and tuning techniques to improve signal quality
  • Familiarity with SBOM standards - such as CycloneDX or SPDX - and how they're used to improve software transparency
  • Experience scripting or building automation in Python, C#, Go or similar
  • A strong grasp of container security (for example, Docker or Kubernetes) and cloud infrastructure (such as AWS, Azure or GCP)
  • A collaborative, low-ego approach with strong written and verbal communication skills
  • A growth mindset; you're excited to continuously evolve your knowledge and help others do the same

The following are beneficial:

  • Experience with secure management and distribution of secrets using tools such as HashiCorp Vault or AWS Secrets Manager
  • Operational knowledge of PKI and internal certificate lifecycles
  • Secure artefact signing, provenance tracking or build pipeline hardening

Key responsibilities of the role include:

  • Embedding and optimising SAST, SCA and DAST tools within CI/CD pipelines to catch issues early
  • Triaging and contextualising security findings, guiding developers toward practical, risk-based fixes
  • Building automation and internal tooling to streamline how security results are collected, prioritised and acted upon
  • Driving the creation, management and use of Software Bills of Materials (SBOMs) to improve visibility and traceability of dependencies
  • Championing SDLC supply chain security, including dependency hygiene, provenance, artefact integrity and secure build environments
  • Enabling teams with playbooks, education and tooling that make secure development the default path
  • Collaborating cross-functionally with Platform and Product teams to evolve our security posture