Job description
DevOps Engineer
Location: Sheffield – Hybrid (3 days in office per week)
Rate: Market rate (Inside IR35)
Duration: 6 months
The Role
We are seeking a DevOps Engineer to own and evolve our Jenkins Shared Library, powering multi-language builds across Java/Maven, Node/NPM, Python, Helm, Terraform, and containers. The successful candidate will deliver fast, secure, provenance-rich pipelines in line with SLSA standards, strengthen supply-chain integrity, and mentor teams on best practices.
Key Responsibilities
Essential Skills & Experience
Desirable Skills
Location: Sheffield – Hybrid (3 days in office per week)
Rate: Market rate (Inside IR35)
Duration: 6 months
The Role
We are seeking a DevOps Engineer to own and evolve our Jenkins Shared Library, powering multi-language builds across Java/Maven, Node/NPM, Python, Helm, Terraform, and containers. The successful candidate will deliver fast, secure, provenance-rich pipelines in line with SLSA standards, strengthen supply-chain integrity, and mentor teams on best practices.
Key Responsibilities
- Design, maintain, and enhance Groovy pipeline steps for build, test, package, scan, and deployment processes.
- Extend Python tooling for SLSA provenance, SBOM generation, hash/digest validation, and security scan aggregation (SonarQube, Sonatype IQ, SAST/Container).
- Optimise pipeline performance using parallel builds, caching, scope-reduced BOMs, and dependency prefetching.
- Ensure artifact integrity through correct SHA1/SHA256 mapping, reproducible builds, and evidence modelling.
- Refactor and modernise legacy scripts, removing global state, consolidating hashing, and standardising templates.
- Document CI/CD configuration standards, ci-config.yaml usage patterns, and pipeline conventions.
- Mentor engineers on secure pipeline development and supply-chain security practices.
- Troubleshoot, resolve, and prevent pipeline incidents and bottlenecks.
Essential Skills & Experience
- 7+ years of engineering experience, with at least 3 years in CI/CD platforms or DevSecOps.
- Strong expertise in Jenkins Shared Libraries and Groovy scripting.
- Advanced Python automation, including JSON/YAML processing and tooling scripts.
- Deep understanding of Maven, NPM, and Python packaging; exposure to Helm, Terraform, and container image metadata.
- Knowledge of supply-chain security, including SLSA, CycloneDX SBOMs, and digests.
- Experience with SonarQube, Sonatype IQ, container and SAST scanning.
- Proven skills in pipeline performance tuning, including caching, parallelisation, and dependency pruning.
- Awareness of compliance and security standards relevant to CI/CD pipelines.
Desirable Skills
- Experience with artifact signing and attestations (e.g., cosign, OCI).
- Familiarity with Terraform module and Helm chart publishing patterns.
- Experience in GitOps or release automation workflows.
- Exposure to GCP or AWS cloud environments.