DevSecOps Engineer

Position: DevSecOps Engineer (Mid-Level)

Hoxton Wealth is a leading global wealth management firm delivering financial solutions to international investors and expatriates across regulated jurisdictions.

We are seeking a DevSecOps Engineer to embed security into our cloud-native development workflows and corporate IT environment. This role is suited to a mid-level engineer with strong hands-on experience securing AWS-based development platforms and integrating security controls into CI/CD pipelines alongside responsibility for core IT security within Office 365.

You will play a key role in shifting security left across the software delivery lifecycle while ensuring production and corporate systems remain secure observable and compliant with ISO 27001 and related regulatory expectations. The role requires a pragmatic security mindset balancing strong controls with developer velocity in a regulated environment.

You will work closely with engineering platform IT and compliance teams to design and operate security capabilities that are scalable auditable and automation-driven.

Responsibilities

• Design implement and operate DevSecOps practices across AWS-based development and production environments aligned with ISO 27001 control objectives. Embed security controls into CI/CD pipelines including static analysis dependency scanning container scanning and policy enforcement supporting secure SDLC requirements.

• Own and operate security tooling such as SonarQube Microsoft Sentinel and related vulnerability monitoring and detection platforms.

• Implement and maintain AWS security controls including IAM network segmentation logging encryption and threat detection in line with ISO 27001 Annex A controls.

• Manage identity and access security across AWS and Microsoft 365 including role design conditional access MFA and periodic access reviews.

• Monitor investigate and respond to security alerts and incidents contributing to incident management and continuous improvement processes.

• Partner with engineering teams to define secure architecture patterns and ensure infrastructure-as-code adheres to approved security baselines.

• Support secure software development by defining secure coding standards and working with teams to remediate findings identified through automated and manual reviews.

• Own vulnerability management activities including scanning prioritisation remediation tracking and risk acceptance aligned with organisational risk processes.

• Maintain security documentation runbooks and evidence required for ISO 27001 audits and internal reviews.

• Support internal and external audits by providing evidence implementing corrective actions and tracking control effectiveness.

• Continuously improve security automation detection coverage and operational resilience.

Requirements

• 36 years of experience in DevSecOps cloud security or platform security roles.

• Strong hands-on experience securing AWS environments including IAM VPCs CloudTrail GuardDuty Security Hub and encryption services.

• Proven experience integrating security tooling into CI/CD pipelines including SonarQube for static analysis and code quality enforcement.

• Hands-on experience with SIEM and security monitoring tools including Microsoft Sentinel or equivalent platforms.

• Experience with container dependency and secrets security tooling.

• Strong understanding of secure software development lifecycle (SSDLC) principles and shift-left security practices.

• Experience securing Microsoft 365 environments including Entra ID (Azure AD) Conditional Access Defender and email security.

• Familiarity with ISO 27001 concepts including risk management control implementation evidence collection and audit support.

• Experience working in regulated environments such as financial services fintech or similar industries.

• Strong analytical and problem-solving skills with the ability to balance security risk usability and delivery speed.

• Clear written and verbal communication skills with the ability to collaborate effectively with engineering IT and compliance teams.