Responsibilities
Embed security practices into software development pipelines by integrating DevSecOps principles, automation tools, and governance controls. Support the definition, implementation, and continuous improvement of secure software development lifecycle (SSDLC) processes across internal and client delivery teams. Advise on secure architecture patterns and controls for cloud-native, containerised, and hybrid applications, aligned with industry standards and best practices. Collaborate with engineering, DevOps, and platform teams to guide the adoption of security tooling across CI/CD environments. Conduct reviews of application architecture, infrastructure-as-code, and security configurations to identify risks and support remediation planning. Provide input into security design decisions, threat modelling sessions, and architectural governance forums. Support engineering teams and deliver clear, practical documentation, including secure development standards, integration guidelines, and process artefacts. Stay informed on the evolving threat landscape, cloud security trends, and software security vulnerabilities to ensure contemporary and effective delivery. Participate in client workshops, knowledge-sharing sessions, and cross-functional engagements to build capability and promote a secure development culture. Contribute to continuous internal improvement initiatives within the cybersecurity practice, helping enhance methods, tooling, and DevSecOps delivery frameworks.
Qualifications
A degree (or equivalent experience) in Cybersecurity, Computer Science, Software Engineering, or a related technical discipline. Recognised industry certifications in cybersecurity or application security (CompTIA, ISC2, GIAC, ISACA, or CREST). Highly desirable are certifications related to secure development and cloud security (CSSLP, AZ-500, SC-100/SC-200, AWS Security, GCSA, GCLD, or similar). Familiarity with secure coding standards (OWASP, SEI CERT) and SSDLC models (Microsoft SDL, NIST 800-218 SSDF). Knowledge or experience of Product Assurance Schemes (PAS) or product security frameworks (PAS 754, PAS 1296, or similar) is desirable. DevOps, DevSecOps, or platform certifications (Kubernetes, Terraform, Azure DevOps, GitHub Actions) are advantageous. Evidence of continued professional development aligned with software and cloud security trends, tooling, and threat awareness.
Essential skills
Strong understanding of secure software development principles and the software development lifecycle (SDLC/SSDLC). Hands-on experience integrating security tools and controls into CI/CD pipelines. Proficiency in modern DevOps environments. Practical experience with cloud security concepts and controls across at least one major cloud platform (AWS, Azure, or GCP). Solid grasp of secure coding practices and common software vulnerabilities. Ability to assess code, configurations, and architecture for security issues and provide practical remediation guidance. Strong documentation and communication skills to produce secure development standards, process guidance, and developer-facing artefacts. Ability to collaborate with software engineers, DevOps teams, and architects to embed security into agile and DevSecOps workflows. Comfortable working in fast-paced delivery environments, adapting to changing technologies, frameworks, and client contexts.
Desired skills
Familiarity with infrastructure-as-code (IaC) security practices and tooling. Knowledge of container orchestration platforms and associated security tooling. Awareness of compliance and assurance frameworks relevant to secure software. Understanding of cloud-native security services and architectures, including Zero Trust models and shift-left security practices. Exposure to secure software supply chain practices, including code provenance, dependency management, and SBOM generation. Ability to support security awareness and up-skilling across engineering teams through mentoring, workshops, or documentation.
Experience
Experience in cybersecurity, secure software engineering, or cloud security roles, with a strong emphasis on delivery. Demonstrable experience embedding security controls and tooling into software development pipelines and DevOps environments. Hands-on experience implementing or supporting secure development processes (SSDLC), code review practices, or CI/CD security integration. Proven involvement in cloud-native or hybrid solution development with exposure to major cloud platforms. Experience collaborating with developers, DevOps, architects, and platform teams to design and implement secure software solutions. Exposure to application security tooling (SAST, DAST, SCA), cloud security services, and infrastructure-as-code security practices. Track record of contributing to security documentation, standards, developer enablement, or secure coding artefacts. Familiarity with agile or DevOps-based delivery models and working across multiple stakeholders or client environments. Experience contributing to internal capability building, reusable templates/toolchains, or developer enablement initiatives. Experience conducting or contributing to threat modelling exercises (DREAD, STRIDE-LM, PASTA) as part of design and architecture reviews.
What do I need before I apply
You must have the right to work in the UK. A strong foundation in cybersecurity engineering or infrastructure security, with practical delivery experience. A proactive and adaptable mindset, with the ability to work independently across diverse client environments. A passion for delivering high-quality, standards-aligned cybersecurity solutions that make a tangible impact.
Benefits
Collaborative working environment – we stand shoulder to shoulder with our clients and our peers through good times and challenges. We empower all passionate technology-loving professionals by allowing them to expand their skills and take part in inspiring projects. Expleo Academy - enables you to acquire and develop the right skills by delivering a suite of accredited training courses. Competitive company benefits. Always working as one team, our people are not afraid to think big and challenge the status quo. As a Disability Confident Committed Employer we have committed to: ensuring our recruitment process is inclusive and accessible; communicating and promoting vacancies; offering an interview to disabled people who meet the minimum criteria for the job; anticipating and providing reasonable adjustments as required; supporting any existing employee who acquires a disability or long-term health condition, enabling them to stay in work; at least one activity that will make a difference for disabled people.
“We are an equal opportunities employer and welcome applications from all suitably qualified persons regardless of their race, sex, disability, religion/belief, sexual orientation or age”.
We treat everyone fairly and equitably across the organisation, including providing any additional support and adjustments needed for everyone to thrive.