DevSecOps Lead

Job title: DevSecOps Lead

Location: Warton. We offer a range of hybrid and flexible working arrangements. Please speak to your recruiter about the options for this particular role.

Salary: £54,793+ depending on skills and experience.

What you’ll be doing:

• Working alongside DevOps Engineers in applying good cybersecurity practice aligned with DevOps methodologies.
• Define and communicate security standards and governance guidelines, integrating them practically with DevOps processes.
• Advise teams on secure-by-design principles, secure coding, infrastructure-as-code, and automated security testing.
• Act as a point of expertise for selecting, configuring, and effectively using security tooling, automation, CI/CD and managing vulnerabilities.
• Monitoring and managing deployment and support and serving as an escalation point for cybersecurity incidents.
• Establishing processes and tools that ensure compliance with the relevant data privacy and protection regulations and industry regulatory controls.
• Understanding and assessing existing processes to identify how to improve and streamline team effectiveness.

Your skills and experiences:

• Experience with security frameworks and standards (e.g., ISO27001, CIS, NIST, OWASP).
• Experience working within DevOps teams, applying secure software development and infrastructure-as-code practices.
• Practical understanding of security tooling, vulnerability scanning, and security testing tools (e.g., SonarQube, OWASP ZAP, Snyk, Checkmarx).
• Experience with common DevOps and CI/CD tools (e.g., Jenkins, GitLab, Azure DevOps, Kubernetes).
• Good understanding of security principles, tools, and practices for experience with CI/CD tools (e.g., Jenkins, GitLab CI/CD).
• Ability to balance security requirements with practical, agile software development needs.

Benefits:

You’ll receive benefits including a competitive pension scheme, enhanced annual leave allowance and a Company contributed Share Incentive Plan. You’ll also have access to additional benefits such as flexible working, an employee assistance programme, Cycle2work and employee discounts – you may also be eligible for an annual incentive.

The Air Sector Cyber team:

As a DevSecOps Lead, you’ll play a pivotal role in integrating robust cybersecurity practices into our DevOps ways of working. You’ll provide practical guidance and clear direction to DevOps engineers, ensuring security is embedded seamlessly into software development and delivery processes. Your role will involve defining and communicating security standards, developing practical governance frameworks, and advising teams on secure-by-design principles, secure coding, infrastructure-as-code, and automated security testing. You’ll act as an advisor on security tooling, vulnerability management, and compliance requirements, helping teams continuously evaluate and enhance their security posture. You’ll collaborate closely with cybersecurity specialists and DevOps teams to embed security throughout all stages of delivery, staying informed of emerging threats and trends.

Why BAE Systems?

This is a place where you’ll be able to make a real difference. You’ll be part of an inclusive culture that values diversity, rewards integrity, and merit, and where you’ll be empowered to fulfil your potential. We welcome candidates from all backgrounds and particularly from sections of the community who are currently underrepresented within our industry, including women, ethnic minorities, people with disabilities and LGBTQ+ individuals.

We also want to make sure that our recruitment processes are as inclusive as possible. If you have a disability or health condition (for example dyslexia, autism, an anxiety disorder etc.) that may affect your performance in certain assessment types, please speak to your recruiter about potential reasonable adjustments.

We welcome applications from all suitably qualified people, who are BAE Systems employees and have been in their current role for 12 months or longer.

Please be aware that many roles working for BAE Systems will be subject to both security and export control restrictions. These restrictions mean that factors including your nationality, any previous nationalities you have held, and your place of birth may limit those roles you can perform for the organisation. All applicants must as a minimum achieve Baseline Personnel Security Standard. Many roles also require higher levels of National Security Vetting where applicants must typically have 5 to 10 years of continuous residency in the UK depending on the vetting level required for the role, to allow for meaningful security vetting checks.

Closing Date: 15th April 2025.

We reserve the right to close this vacancy early if we receive sufficient applications for the role. Therefore, if you are interested, please submit your application as early as possible.