DevSecOps Engineer

Our benefits

• Share Options (EMI) scheme 
• 25 days annual leave, plus flexible bank holidays and the opportunity to buy additional days 
• Enhanced workplace Pension scheme - opt in salary sacrifice scheme  
• Life Insurance (3x annual salary) 
• Employee Assistance Programme (EAP) and workplace wellbeing initiatives 
• Private Healthcare cash-back scheme  
• Flexible working hours and location, open to part-time/ condensed hours  
• Flexible benefits, such as: Cycle to Work, volunteer days/ opportunities and charity events 
• Enhanced parental leave packages and enhanced sick pay 
• Training and development opportunities 
• Engagement and celebration activities– anniversaries, birthdays, team building, company-wide events 

Role specifics

• Salary range: Market rate
• Reporting to: Head of Platform
• Key stakeholders: Technology and Product, InfoSec, Support
• Organisational Framework Level: 3

About you/ Job Summary

We are seeking a pragmatic and highly skilled DevSecOps Engineer to join our Platform team. In this role, you will be responsible for identifying, prioritising and remediating security issues as a security engineer and lead analyst to support the broader organisation. You will collaborate closely with Platform, Infrastructure, Development and Security teams to embed security practices throughout the software delivery lifecycle, with a strong focus on Microsoft Azure and associated security tooling.

At Clue Software, we’re actively adopting AI to enhance our products and workflows. You'll bring curiosity and a willingness to leverage AI tools and approaches that drive innovation.

Key Accountabilities

Azure Security Engineering

• Design, implement and maintain security controls in Azure environments (subscriptions, resource groups, network security, Key Vault).

• Implement and configure Microsoft Sentinel for SIEM use cases: log ingestion, analytics rules, playbooks and workbooks.

• Deploy and manage Microsoft Defender solutions (Defender for Cloud, Defender for Servers, Defender for Containers) to harden Azure workload

• Operate vulnerability management tools to discover and prioritise flaws across cloud and on-prem systems.

• Define and run patch management processes for virtual machines, containers and serverless functions.

• Integrate vulnerability scanning (e.g. Qualys, Sonar Cloud, Tenable or Azure-native scanners) into CI/CD pipelines.

• Perform root-cause analysis of security incidents and vulnerabilities.

• Conduct threat modelling, code and infrastructure reviews.

• Develop and execute incident response procedures, leveraging Sentinel playbooks and Logic Apps when required.

CI/CD & Automation

• Integrate automated security testing (SAST, DAST, SCA) into Azure DevOps pipelines or GitHub Actions.

• Create Infrastructure as Code (IaC) with Terraform or ARM templates, embedding security checks.

• Automate security operations tasks using Azure Functions, Logic Apps or PowerShell scripts.

Cross-functional Collaboration

• Partner with Software Engineering, SRE and Product teams to ensure security requirements are understood and met.

• Act as a security subject-matter expert during architecture and design reviews.

• Mentor and upskill engineers on secure coding and DevSecOps best practices
  

Continuous Improvement

• Develop and refine security playbooks, runbooks and incident response procedures.

• Monitor security metrics and key risk indicators and identify opportunities to improve tooling and processes.

• Evaluate and pilot emerging security technologies, especially within the Microsoft security ecosystem.
  
  

Experience and skills

Our ideal candidate would have experience in the following areas:

Qualifications

• Bachelor’s degree in Computer Science, Information Security or equivalent experience.

• Desirable certifications: Azure Security Engineer Associate, Microsoft Certified: Sentinel, CISSP, CISM, or OSCP.

Azure & Microsoft Security Expertise

• Deep hands-on experience securing Microsoft Azure workloads and services (IAM, networking, Key Vault).

• Proven track record configuring and optimising Microsoft Sentinel (SIEM) and Microsoft Defender tools.

• Familiarity with Azure Policy and Azure Blueprints for compliance enforcement.

Vulnerability & Patch Management

• Practical experience with vulnerability scanners (Qualys, Tenable, or Azure Defender Vulnerability Assessment).

• Knowledge of patch management frameworks (WSUS, Azure Update Management, third-party tools).

• Ability to design and enforce patch windows and remediation SLAs.

DevSecOps Toolchain

• Proficient with CI/CD tooling in Azure DevOps or GitHub Actions.

• Experience integrating SAST (e.g. SonarQube), DAST (e.g. OWASP ZAP) and SCA (e.g. Dependabot, Snyk) into pipelines.

• Infrastructure as Code: Terraform, ARM or Bicep.

• Knowledge of containerisation (Docker, Kubernetes/AKS) and container security best practices.

• Experience securing serverless or PaaS workloads in Azure (Functions, App Service).

Security Frameworks & Secure by Design

• Strong understanding of Secure by Design principles and ability to bake security in from concept through production.

• Practical experience implementing the NCSC or NIST Cybersecurity Framework (CSF) and/or NIST SP 800-53 controls.

• Demonstrable understanding of ISO/IEC 27001 requirements and hands-on experience mapping technical controls to ISO clauses, supporting auditing and documentation.

• Ability to translate framework requirements into actionable engineering tasks, policies and automated checks

• Strong analytical mindset; able to drill down into logs, code and configuration to identify root causes.

• Clear, concise written and verbal communication; capable of presenting technical findings to both technical and non-technical audiences.

• Confident to support customer discussions on security compliance as needed.

• Excellent collaboration and stakeholder-management skills.
  
  

Diversity, Equity and Inclusion

If you’re excited about this role but your experience doesn’t align perfectly, we encourage you to apply anyway and tell us more about yourself. You may be just the right candidate for this or other roles.

We believe that seeing the world from all sorts of angles makes life better for all. We want you to know that the things that make you an individual, like your identity, age, ethnicity, religion, ability and background, are things that we choose to celebrate and support.

We are a scale-up company, and as we continue to grow, we are passionate that having a diverse, inclusive and authentic workplace will remain at our core. We are creating an inclusive environment where our people can thrive.

Our values are aligned and at the heart of everything we do. We are respectful, united, rigorous, relentless and ethical.