Overview

Role: DevSecOps Engineer: Azure Cloud
Location: London or Newcastle
Salary: London up to £85,000 per annum; Newcastle up to £74,000 per annum
Type of contract: Full Time, permanent
Location: Hybrid working. On-site at London or Newcastle office 2 days per week minimum

Nationality Requirement
UK Nationals
Nationals of Commonwealth countries who have the right to work in the UK
Nationals from the EU, EEA or Switzerland with status under the European Union Settlement Scheme (EUSS)
Please note, we are not able to sponsor work visas or accept temporary visas as we are hiring on a permanent basis. Contact hrservicedesk@nao.org.uk with questions on nationality eligibility.

The deadline for applications is 11.55pm 5 October 2025. Applications will be reviewed throughout the campaign.

About the Organisation

The National Audit Office (NAO) is the UK’s main public sector audit body. We value diversity and are committed to flexible working. We welcome applications from everyone and interview all disabled applicants who meet the minimum criteria. Relationships: Reporting to Director Information Security. Internal: close collaboration with Info Sec peers, Digital Services and application development teams. External: Microsoft and other key suppliers and peers. Resources Managed: None.

Why You’ll Love This Role

What You’ll Do

• As a DevSecOps Engineer, you’ll help shape the security of cloud platforms and applications.
• Embed security throughout the software development lifecycle; identify and resolve vulnerabilities quickly.
• Conduct security assessments and support penetration testing to strengthen resilience.
• Continuously improve the Secure Software Development Lifecycle (SSDLC) and promote best practices.
• Transform security requirements into automated, scalable solutions within a modern DevSecOps toolchain.
• Design and implement repeatable, secure deployment strategies for applications across identity, data, apps, and infrastructure.
• Automate security baselines and configuration management using IaC (Bicep/Terraform) and enforce with Azure Policy.
• Develop and maintain secure cloud service solutions leveraging Azure security capabilities; ensure governance, risk, and compliance alignment.
• Support delivery, configuration and optimization of cloud security tools and services.
• Lead investigations into process, resource and tool improvements; coach and mentor technical teams; stay ahead of AI trends and government digital standards.
• Support risk assessments and ensure compliance with security and regulatory requirements across services.

Key Skills and Competencies (Required and Preferred)

• Information/Application Security: design security controls into applications and services (Practitioner).
• Service Support: identify and fix complex application faults; advise on methodologies (Practitioner).
• Development process optimisation (Practitioner).
• Risk-based decision enabling and informing (Working).
• Modern development standards (Practitioner).
• Programming and build: design, code, test and document medium-to-high complexity programs (Practitioner).
• Prototyping: collaborative prototyping and pattern iteration (Practitioner).
• Research and innovation: assess security implications of new technologies (Working).
• Systems Design and Systems integration (Practitioner).
• Security technology: explain vulnerabilities and impacts (Practitioner).
• Understanding security in transformation: policy, business architecture, and legal implications (Working).

Experience and Qualifications

• Strong background in DevSecOps/AppSec practices: CI/CD, IaC, security automation tools; automated security testing; secure code reviews; vulnerability management.
• Leading continuous improvement and problem management: experience in investigations and recommendations.
• Extensive experience implementing Zero Trust security models: MFA, least privilege, micro-segmentation, continuous monitoring.
• Knowledge of compliance and regulatory requirements (e.g., GDPR/DPA2018, ISO27001, NIST); ability to conduct security audits and risk assessments.
• Essential: analytical and problem-solving skills; collaboration; adaptability; broad Azure DevOps/AppSec experience; working towards or holding relevant certifications (CISSP, CISM, CRISC, etc.).
• SC Security Clearance or ability to achieve SC clearance quickly (preferred).
• Preferred: in-depth technical knowledge in ISO27001 and risk management.

Job Function and Seniority

• Seniority level: Entry level
• Employment type: Full-time
• Job function: Engineering and Information Technology
• Industries: Government Administration

Disclaimer: Referrals increase your chances of interviewing at UK National Audit Office. Sign in to set job alerts for “Cloud Engineer” roles.