DevSecOps Consultant
Job Description:DevSecOps Engineer Location: London (Hybrid) Engagement Type: Day Rate Contract (Inside IR35) The Assignment This is a high-impact, tactical consulting role. Our client has security tooling in flightincluding Snyk, SonarQube, and automated pipelinesbut they need an consultant to make it land. Currently, they are battling tool noise, backlog fatigue, and pipeline friction that is stalling engineering velocity. We need a security-first practitioner with strong advisory and consulting experience to land, build immediate trust, run a maturity assessment, and engineer a practical "shift-left" model that enhances developer workflows rather than blocking them. Key Responsibilities Maturity Assessment and Strategy: Conduct an evidence-based audit against OWASP SAMM and NIST SSDF frameworks, translating findings into a prioritised 12-month risk-reduction roadmap. Pipeline Optimisation: Tuned tool signal-to-noise ratios (SAST, SCA, DAST, IaC) aggressively. Triage backlogs, suppress false positives, and refine CI/CD gates (GitHub Actions, Azure DevOps, or GitLab) to protect engineering velocity. High-Touch Consulting and Coaching: Embed directly with engineering squads as a trusted advisory partner. Attend stand-ups, run secure-coding clinics, and cultivate a "security as an enabler" culture. Secure Design: Facilitate collaborative threat-modelling sessions during active design phases using STRIDE and MITRE ATTandCK. What We''re Looking For Consulting and Advisory ..... full job details .....
Perform a fresh search...
-
Create your ideal job search criteria by
completing our quick and simple form and
receive daily job alerts tailored to you!