DevSecOps Consultant

Job Description

DevSecOps Engineer

  • Location: London (Hybrid)
  • Engagement Type: Day Rate Contract (Inside IR35)

The Assignment

This is a high-impact, tactical consulting role. Our client has security tooling in flight, including Snyk, SonarQube, and automated pipelines, but they need a consultant to make it land. Currently, they are battling tool noise, backlog fatigue, and pipeline friction that is stalling engineering velocity.

We need a security-first practitioner with strong advisory and consulting experience to land, build immediate trust, run a maturity assessment, and engineer a practical "shift-left" model that enhances developer workflows rather than blocking them.

Key Responsibilities

  • Maturity Assessment and Strategy: Conduct an evidence-based audit against OWASP SAMM and NIST SSDF frameworks, translating findings into a prioritised 12-month risk-reduction roadmap.
  • Pipeline Optimisation: Tune tool signal-to-noise ratios (SAST, SCA, DAST, IaC) aggressively. Triage backlogs, suppress false positives, and refine CI/CD gates (GitHub Actions, Azure DevOps, or GitLab) to protect engineering velocity.
  • High-Touch Consulting and Coaching: Embed directly with engineering squads as a trusted advisory partner. Attend stand-ups, run secure-coding clinics, and cultivate a "security as an enabler" culture.
  • Secure Design: Facilitate collaborative threat-modelling sessions during active design phases using STRIDE and MITRE ATT&CK.

What We're Looking For

  • Consulting and Advisory Edge: Proven experience navigating complex client environments, managing stakeholders up to C-level, and translating highly technical risks into actionable business guidance.
  • Security-First DNA: A career natively forged in cyber/application security, not a developer who casually pivoted into security.
  • Fluent in Code and Pipelines: Technical fluency in code, Infrastructure-as-Code (Terraform, Ansible), and YAML pipelines to maintain immediate credibility with senior software engineers.
  • Framework Mastery: Practical application of OWASP SAMM, NIST SSDF, STRIDE, and MITRE ATT&CK.
  • Cloud and Containers: Strong grounding in securing cloud workloads (AWS or Azure) and environments (Docker, Kubernetes).

£600.00 - £680.00 / day

Talent International UK and its subsidiaries, Digital Gurus, Infinite Talent and Rethink act as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this opportunity, you accept the T&Cs, Privacy Policy and Disclaimers which can be


Job Overview

  • ID: 2456255
  • Date Posted: Posted 12 hours ago
  • Expiration Date: 06/07/2026
  • Location: Chesterfield
  • Salary: Competitive
