DevSecOps Pentester

Posted 01 September 2025
Salary Competitive
Location London
Job type Contract
Discipline Cyber Security
Reference 74795

Job description

Location: London (Hybrid – 2/3 days in office)
Contract Type: Contract (6 months)
Day Rate: 535 - 550 GBP (Inside IR35)
Start Date: ASAP


The Role

We are seeking an experienced DevSecOps Pentester to join a high-performing security team. The successful candidate will conduct penetration tests and security assessments across CI/CD pipelines, cloud infrastructure, and application environments. You will integrate automated security tools into DevOps workflows, identifying vulnerabilities before they reach production, and collaborate with developers and operations teams to enhance security posture.

This role requires a mix of hands-on penetration testing, automation expertise, and strong collaboration skills within agile environments.


Key Responsibilities

  • Integrate security practices and tooling into DevOps pipelines.

  • Perform penetration testing and security reviews on CI/CD pipelines, cloud, containers, and web/API applications.

  • Contribute to IaC automation, including ServiceNow integrations and AWS service catalogue automation.

  • Identify vulnerabilities during the design phase, applying threat modelling and secure design principles.

  • Deliver detailed reports, including executive summaries and technical findings, with actionable remediation advice.

  • Retest vulnerabilities and validate fixes.

  • Track and manage security issues via Jira workflows.

  • Advise on secure deployment, IAM, and secrets management practices.

  • Educate development and operations teams on emerging threats and best practices.


Essential Skills & Experience

  • Strong application security knowledge (OWASP Top 10, API security).

  • Manual penetration testing of modern web applications, APIs, and CI/CD pipelines.

  • Deep understanding of DevSecOps practices, secure SDLC, and threat modelling.

  • Hands-on experience automating security checks within CI/CD (Jenkins, GitLab, Ansible).

  • Knowledge of secure coding practices and common developer vulnerabilities.

  • Scripting skills for automation and testing (Python, Bash, Go).

  • Proficiency with cloud-native architectures (Docker, Kubernetes, IaC).

  • Experience securing cloud platforms (AWS, Azure, GCP).

  • Excellent communication and ability to work in agile teams.


Desirable Skills & Experience

  • Strong client engagement and reporting skills.

  • Proven use of modern security tooling in production environments.

  • Experience testing cloud and IaC misconfigurations.

  • Ability to document findings clearly and support remediation.

  • Relevant certifications (desirable but not required):

      • OSCP, OSWA, CRTO, GWAPT, GPEN, eWPT

      • Azure Security Engineer Associate / AWS Security Specialty

      • Kubernetes Security / DevSecOps certifications

Please email your CV to [email protected] for immediate consideration.