DevSecOps Engineer: Azure Cloud

Overview
Role: DevSecOps Engineer: Azure Cloud
Location: London or Newcastle
Salary: London up to £85,000 per annum; Newcastle up to £74,000 per annum
Type of contract: Full Time, permanent
Location: Hybrid working. On-site at London or Newcastle office 2 days per week minimum

Nationality Requirement
- UK Nationals
- Nationals of Commonwealth countries who have the right to work in the UK
- Nationals from the EU, EEA or Switzerland with status under the European Union Settlement Scheme (EUSS)

Please note, we are not able to sponsor work visas or accept temporary visas as we are hiring on a permanent basis. Contact hrservicedesk@nao.org.uk with questions on nationality eligibility.

The deadline for applications is 11.55pm 5 October 2025. Applications will be reviewed throughout the campaign.

About the Organisation
The National Audit Office (NAO) is the UK’s main public sector audit body. We value diversity and are committed to flexible working. We welcome applications from everyone and interview all disabled applicants who meet the minimum criteria.

Relationships: Reporting to Director Information Security.
Internal: close collaboration with Info Sec peers, Digital Services and application development teams.
External: Microsoft and other key suppliers and peers.
Resources Managed: None.

Why You’ll Love This Role

What You’ll Do
As a DevSecOps Engineer, you’ll help shape the security of cloud platforms and applications.
- Embed security throughout the software development lifecycle; identify and resolve vulnerabilities quickly.
- Conduct security assessments and support penetration testing to strengthen resilience.
- Continuously improve the Secure Software Development Lifecycle (SSDLC) and promote best practices.
- Transform security requirements into automated, scalable solutions within a modern DevSecOps toolchain.
- Design and implement repeatable, secure deployment strategies for applications across identity, data, apps, and infrastructure.
- Automate security baselines and configuration management using IaC (Bicep/Terraform) and enforce with Azure Policy.
- Develop and maintain secure cloud service solutions leveraging Azure security capabilities; ensure governance, risk, and compliance alignment.
- Support delivery, configuration and optimization of cloud security tools and services.
- Lead investigations into process, resource and tool improvements; coach and mentor technical teams; stay ahead of AI trends and government digital standards.
- Support risk assessments and ensure compliance with security and regulatory requirements across services.

Key Skills and Competencies (Required and Preferred)
- Information/Application Security: design security controls into applications and services (Practitioner).
- Service Support: identify and fix complex application faults; advise on methodologies (Practitioner).
- Development process optimisation (Practitioner).
- Risk-based decision enabling and informing (Working).
- Modern development standards (Practitioner).
- Programming and build: design, code, test and document medium-to-high complexity programs (Practitioner).
- Prototyping: collaborative prototyping and pattern iteration (Practitioner).
- Research and innovation: assess security implications of new technologies (Working).
- Systems Design and Systems integration (Practitioner).
- Security technology: explain vulnerabilities and impacts (Practitioner).
- Understanding security in transformation: policy, business architecture, and legal implications (Working).

Experience and Qualifications
- Strong background in DevSecOps/AppSec practices: CI/CD, IaC, security automation tools; automated security testing; secure code reviews; vulnerability management.
- Leading continuous improvement and problem management: experience in investigations and recommendations.
- Extensive experience implementing Zero Trust security models: MFA, least privilege, micro-segmentation, continuous monitoring.
- Knowledge of compliance and regulatory requirements (e.g., GDPR/DPA2018, ISO27001, NIST); ability to conduct security audits and risk assessments.
- Essential: analytical and problem-solving skills; collaboration; adaptability; broad Azure DevOps/AppSec experience; working towards or holding relevant certifications (CISSP, CISM, CRISC, etc.).
- SC Security Clearance or ability to achieve SC clearance quickly (preferred).
- Preferred: in-depth technical knowledge in ISO27001 and risk management.

Job Function and Seniority
Seniority level: Entry level
Employment type: Full-time
Job function: Engineering and Information Technology
Industries: Government Administration