Job Specifications
Outside IR35, DevSecOps Engineer, Azure, AWS, Best practice, Regulatory Environment background, Mobile Application, Web Application, React, Greenfield Build, London + West Midlands.
We are seeking a Senior DevSecOps Engineer to lead governance, architecture guidance, and assurance for a Greenfield Web Application build across infrastructure security, Microsoft Azure, AWS, Kubernetes and key SaaS platforms. This role is pivotal in shaping technical blueprints, setting security standards, and ensuring regulatory compliance with Cyber Essentials Plus, ISO 27001, and Zero Trust principles.
You will work closely with IT and platform teams to embed best practices, validate implementations, and support audit readiness across IaaS, PaaS, and SaaS environments.
You will be the glue between the development team and the security team to ensure that the
Key Responsibilities
Define and maintain multi-cloud security standards and reference blueprints (e.g. Azure Policy/Initiatives, AWS Control Tower/SCPs)
Proven background in Web Application builds
Own security architecture patterns and contribute to HLD/LLD, threat models, and risk assessments
Set assurance criteria and control evidence requirements for internal teams and third-party vendors
Establish policy-as-code requirements and maintain an exceptions register with expiry and risk ownership
Define identity and access control standards (Entra ID Conditional Access, MFA, PIM; AWS IAM federation)
Govern SaaS security onboarding (SSO, OAuth governance, DLP controls, vendor assessments)
Strong regulatory sector experience
Educate and influence teams through guidance, clinics, and coaching sessions
Familiarity with IaaS, PaaS, SaaS risk models and audit frameworks
Excellent written communication and facilitation skills to drive adoption and influence stakeholders
Additional Skills
Certifications: AZ‑500, SC‑100, SC‑200, AZ‑700, AWS Security Specialty, CISSP (or equivalents)
Experience with blueprint catalogues and architecture governance processes
Working knowledge of containers/Kubernetes (AKS/EKS) policy models
While this role focuses on governance and assurance, hands-on use may be required for validation:
Azure: Policy/Initiatives, Defender for Cloud, Entra ID, PIM
AWS: Control Tower, SCPs, Security Hub, GuardDuty, IAM
Security & Monitoring: Microsoft Sentinel (KQL), Defender XDR, audit dashboards
Documentation & Governance: Blueprint repositories, risk registers, ITSM/CAB records
If this role is of interest, please send your CV for review ASAP.
About the Company
Experis is a global leader in IT professional resourcing, project solutions and managed services. As the need for IT skills accelerates, we help organisations transform their digital infrastructure, enterprise applications, cloud and cyber security. Through Experis Academy, we deliver the powerful combination of in-demand technical skills together with the soft skills that are critical for business success.
Experis is part of ManpowerGroup, a Fortune 500 Global Business and world leader in innovative workforce solutions.