DevOps Security Engineer

About The Role

We're hiring a DevOps Security Engineer to embed security into every layer of our infrastructure and deployment pipeline. You'll work across cloud security, vulnerability management, secrets management, and CI/CD hardening — making sure security is foundational, not bolted on. You report to the DevOps Manager and work closely with the broader engineering team. If you believe security should enable speed, not slow it down, this is the role.

Why ThreatAware?

ThreatAware gives security teams a single source of truth for every device and tool in their organisation. 150+ integrations, deploys in under 30 minutes, real-time visibility across entire IT estates. Finance, legal, energy, healthcare — they trust us to show them what's protected and what isn't.

Now we're building something bigger. Six years of accurate cyber asset data, and we're layering AI on top of it — new ways for security teams to interrogate their data, automate workflows, and act on risk before it becomes a problem. You'll make sure we build it all on secure foundations.

What you’ll do

Build secure‑by‑default infrastructure that lets engineers ship with confidence.

• Establish and enforce AWS security best practices: IAM, VPC hardening, encryption, and least‑privilege access across all environments.
• Integrate security scanning into CI/CD pipelines — static analysis, dependency scanning, container image scanning, and artifact integrity checks.
• Design and maintain secrets management architecture, enforcing zero hardcoded credentials across the codebase.
• Support incident response: investigate security events, contain threats, conduct root‑cause analysis, and improve runbooks.
• Build and maintain observability across infrastructure and security — monitoring, alerting, and dashboards that surface issues before they escalates.
• Champion security culture across engineering — deliver training, create guardrails, and make it easy for developers to ship secure code.

What we’re looking for

• Solid DevSecOps or infrastructure security experience with hands‑on AWS expertise (IAM, VPC, Config).
• Strong knowledge of CI/CD security, container security, and infrastructure‑as‑code security practices.
• Comfortable with TypeScript and/or PowerShell — you automate everything you can.
• Experience with vulnerability scanning, secrets management tools, and compliance frameworks.
• A security mindset that enables rather than blocks — you find ways to say yes securely.
• Clear communicator who can explain security concepts to engineers at any level.

#J-18808-Ljbffr