Are you passionate about driving secure, high-performing software delivery at scale? This is a fantastic opportunity to lead and evolve a DevSecOps capability within a forward-thinking organisation, enabling fast, safe, and compliant delivery across multiple engineering teams.
The Role
As the DevSecOps Capability Manager, you’ll lead and scale DevSecOps practices across the organisation, embedding secure-by-design principles, modern automation, and policy-as-code into the CI/CD ecosystem.
You’ll play a pivotal role in improving engineering performance, focusing on DORA metrics such as lead time, deployment frequency, and reliability. This role blends technical leadership, strategy, governance, and hands‑on capability development.
What You’ll Do
Value, Flow & Quality
- Own and improve lead time and deployment frequency across platforms
- Publish and act on DORA and flow metrics
- Remove bottlenecks through automation and policy-as-code
- Drive performance improvements via engineering scorecards
Leadership & Capability Development
- Lead, coach, and develop a team of DevSecOps Engineers
- Define standards, patterns, and best practices
- Foster a culture of security, automation, and continuous improvement
Strategy, Governance & Technical Direction
- Set DevSecOps strategy across pipelines and security automation
- Establish governance for CI/CD, IaC, and cloud delivery
- Define observability standards (SLOs, tracing, dashboards)
- Embed security into pipelines (SAST, SCA, DAST, secrets, IaC scanning)
- Govern “Golden Path” templates and adoption
- Oversee reliability, performance, and security of platforms and pipelines
- Lead vulnerability management and remediation
- Support incident response and post‑incident reviews
- Integrate telemetry across Azure ecosystem (Defender, Entra, WAF)
- Act as a senior advisor to engineering, product, and security teams
- Align stakeholders on delivery and security best practice
- Represent DevSecOps in governance forums
- Own DevSecOps tooling strategy and lifecycle
- Drive automation across testing, security, deployment, and monitoring
- Partner with Cloud and Platform teams
- Own and evolve the Golden Path service catalogue
Business Continuity & Resilience
- Embed resilience and BCP via policy-as-code
- Run recovery and resilience testing (game days)
What We’re Looking For
- Strong leadership and people management experience
- Deep expertise in CI/CD, DevSecOps, and security integration
- Strong cloud, containerisation, and IaC knowledge
- Proven ability to improve DORA and engineering performance metrics
- Experience with observability and monitoring frameworks
- Strong background in security tooling (SAST, SCA, DAST, scanning tools)
- Solid understanding of cloud security, IAM, and zero‑trust principles
- Experience working in complex or regulated environments
- Excellent communication and stakeholder management skills
What’s In It for You
- Impact: Lead a critical DevSecOps capability in a large-scale organisation
- Flexibility: Hybrid and flexible working options
- Career Growth: Ongoing learning, development, and leadership exposure
- Benefits Package: Annual discretionary bonus
- 25 days holiday + bank holidays + holiday trading
- Up to 10% matched pension
- Private medical insurance
- Electric car salary sacrifice scheme
- Inclusive employee networks
Apply today or reach out directly to Charlie Smith at charlies@wrkdigital.co.uk for a confidential chat.
#J-18808-Ljbffr…
