Senior DevSecOps Cloud Architect

Purchasing jobs >> Retail/Purchasing




Senior DevSecOps Cloud Architect

Reporting to the Head of Digital Defence, our Senior DevSecOps Cloud Architects are responsible for working with project and operational teams to ensure security is embedded within application and system development.

The role will require a diverse background in security, IT operations, risk management, software development and operational assurance through adherence to internal policies and relevant compliance standards. It requires establishing good working relationships with different areas of the organization including architects, technical designers and product or service owners as well as build and test teams.

* Review data flow diagrams, design and architectural documentation to provide security oversight on requirements, input and potential risks.
* Support IT and Business transformation projects by ensuring they are risk-assessed, and that controls and security requirements are met through the transformation lifecycle, including compliance requirements such as ISO 27001 and PCI-DSS.
* Support security risk management by identifying and analysing potential risks within development processes and outputs. Ensure that there is appropriate reporting, management and mitigation actions in place.
* Work in conjunction with assurance teams to support the improvement of application and system development across DCG.
* Support the Security Testing team in the scoping, management and related remediation activities arising from penetration testing and vulnerability management processes.
* Attend business governance meetings as required representing the Information Security team.
* Develop information security processes and procedures in conjunction with business and IT stakeholders and ensure these are embedded into BAU activity.
* Be the “go-to” SME for security, business and technical teams (both internal and externally) that require support and broadly sharing related Dev-Sec-Ops updates from across industries.

Required Skills & Experience
* Proven practical experience in Cloud Computing (Azure, AWS, GCP, IBM) with knowledge of Containerization technologies (Kubernetes, ECS, Docker) and configuration management (Helm, Ansible, Packer, Azure Automation). 
* Experience of setting up HA cloud environments with Terraform and ARM.  
* Good Knowledge of traditional IaaS IT Security Devices running as VMs.
* Linux Admin knowledge of RedHat, Suse and other distributions.  Windows Server knowledge.  Working with CIS hardened images.  Admin knowledge of NginX, IIS, Apache, NodeJS, BIND, DHCP, OpenSSL, Windows Firewall and IP Tables.
* DevOps / SRE mentality and related working practices.  Practical experience of securing pipelines with Container Scanning (Clair), DAST (Zap), SAST.  Secrets management and vaulting.
* Working with CI & CD toolsets such as Jenkins, Gitlab-ci, Azure DevOps-ci.  Working in GitLab, Bitbucket and GitHub SCMs with the ability to mentor others from scratch.
* Experience of AD, ADFS, Azure AD, OpenID Connect, OAuth, claims and RBAC.
* Experience across Security Governance and Security Assurance.  
* Ability to explain and present technical security risks to a wide variety of business, technical and non-technical stakeholders.  Strong documentation skills in Confluence and Jira.
* Ability to use SME knowledge to influence security good practice behaviours within Dixons Carphone.  Demonstrate vulnerabilities with Fortify, Burp, Postman and other tools.
* Intermediate Software Engineer preferably with experience in some of the following: PHP, JS, Java, Bash, Python, Terraform, ARM
  • 1
  • Negotiable
  • None
  • None
  • CV-208087
  • Permanent
  • 0

How to Apply: Please click here to create a free account and post your resume. Only logged in job seekers can apply for a job.

Find us at:

Never provide bank account, credit card details or any other financial information, or make any form of payment, when applying for a job. If you are ever asked to do this by a recruiter on Pure Jobs please click the Report button or contact us with the advertiser's company name and the title of the job vacancy. You should not send any money to anyone. A genuine employer with a job offer would never ask you to do this.

Report this job

Report a job

If you're concerned about a job advert, let us know and our quality team will investigate.

Your name(*)
Invalid Input

Your email address(*)
Invalid Input

Please select you reason(*)

Additional information(*)
Invalid Input

Invalid Input

Subscribe to updates from our blog


However, by continuing to use the site without changing settings, you are agreeing to our use of cookies.