DevSecOps Engineer

Senior Engineer - DevSecOps
Senior Engineer - DevSecOps
Location: Remote (Global)
At Holland & Barrett, we are a 150-year-old startup. We have undergone a significant
digital transformation and are now a predominantly cloud-native organisation,
leveraging containers, Kubernetes, serverless, and event-driven architectures to
modernise how we build and operate software.
We are looking for a DevSecOps Engineer to join the team responsible for building
and evolving our secure internal platform. This is a hands-on role focused on
embedding security into how engineers build, deploy, and operate systems, without
slowing them down!
Our team works alongside the Site Reliability Engineering, Cloud, and Application
Security teams, contributing to the overall internal platform and shared engineering
foundations.

The Ambition
We are building a secure, scalable, and resilient operational platform that enables
teams to move quickly while meeting our security and compliance obligations by
default.
Our ambition is to deliver a strong developer experience with a clear, automated, and
secure path to production. We treat the platform as a product for engineers. Security,
reliability, and usability are first-class concerns, designed in from the start rather than
bolted on later.
This platform underpins our engineering standards and enables teams to ship high-
quality software safely and consistently.

The Role
As a DevSecOps Engineer, you will be a core contributor to the design,
implementation, and operation of our internal platform. This is a delivery-focused
role, not an advisory one.
You will work closely with SRE, Cloud, and Application Security teams to embed
security controls, guardrails, and best practices directly into our tooling, pipelines,
and infrastructure. You will help define how security is applied at scale in a
pragmatic, developer-friendly way.

You will influence engineering culture through code, automation, and clear technical
standards—raising the baseline for security and operational excellence across the
organisation.

The Tech Stack
While the platform continues to evolve, you can expect to work with a modern, cloud-
native stack, including:
 Cloud & Networking: AWS (multi-account, IAM, VPC networking, managed
services), on-prem connectivity and routing (e.g. hybrid networking, transit,
private connectivity)
 Containers & Orchestration: Docker, Kubernetes (EKS), ECS
 Infrastructure as Code: OpenTofu, Terragrunt, CloudFormation
 CI/CD: GitLab CI, reusable CI components, self-hosted runners
 Security & Identity: Microsoft Entra, AWS IAM, OIDC, secrets management,
policy-as-code
 Observability: Centralised logging, metrics, and tracing (e.g. Datadog,
OpenTelemetry)
 Configuration & Platform Automation: Declarative configuration and
infrastructure management as the default approach
 Internal Tooling & Developer UIs: Internal tools, services, and developer-
facing UIs built with Python, Go, and modern frontend frameworks
 Version Control & Collaboration: Git, merge requests, code review
workflows
We value strong fundamentals over rigid tool preferences. If you understand the
principles, you’ll be effective here, even if you haven’t used every tool listed.

What You’ll Do
 Design, build, and operate secure cloud and platform capabilities used by
product and engineering teams
 Embed security controls and best practices across the software delivery
lifecycle, by default
 Build and maintain CI/CD pipelines and re-usable components that are fast,
reliable, and secure

 Automate security, compliance, and operational checks to reduce manual
effort and risk
 Partner with engineering teams to understand their workflows and remove
friction
 Contribute to platform architecture, standards, and technical direction
 Promote ownership, continuous improvement, and pragmatic DevSecOps
practices

What You’ll Bring
 Hands-on experience as a DevSecOps Engineer, Platform Engineer, Cloud
Security Engineer, or similar role
 Strong understanding of DevSecOps principles, including CI/CD,
infrastructure as code, and security automation
 Solid experience working in AWS environments
 Practical knowledge of containerised workloads and Kubernetes
 Clear communication skills and the ability to work effectively across teams
 A focus on raising engineering standards through practical, scalable solutions

Why Holland & Barrett?
You will be joining at a point where the platform is still being actively shaped, with
real scope to influence how security and delivery work across the organisation.
This role offers autonomy, technical ownership, and the opportunity to build
foundational capabilities that directly impact hundreds of engineers. We offer a
competitive salary, comprehensive benefits, and flexible working arrangements.
If you care about building secure systems that developers actually want to use—and
you prefer solving problems with code and automation rather than policy
documents—we’d like to hear from you.