DevSecOps Architect

Multiverse is the upskilling platform for AI and Tech adoption.

We have partnered with 1500 companies to deliver a new kind of learning thats transforming todays workforce.

Our upskilling apprenticeships are designed for people of any age and career stage to build critical AI data and tech skills. Our learners have driven $2bn ROI for their employers using the skills theyve learned to improve productivity and measurable performance.

In June 2022 we announced a $220 million Series D funding round co-led by StepStone Group Lightspeed Venture Partners and General Catalyst. With a post-money valuation of $1.7bn the round makes us the UKs first EdTech unicorn.

But we arent stopping there. With a strong operational footprint and 800 employees we have ambitious plans to continue scaling. Were building a world where tech skills unlock peoples potential and output.

Join Multiverse and power our mission to equip the workforce to win in the AI era.

The Opportunity

We are looking for a DevSecOps Architect to join our Information Security this role you will be a collaborative and strategic partner to our engineering teams helping design the automation that enables us to ship secure code at velocity. You will advocate for a Security by Design culture ensuring that robust security practices are seamlessly integrated into the fabric of our product development processes.

We are committed to building a diverse and inclusive team. We believe that different perspectives and backgrounds are what make our company and our products stronger.

What Youll Be Doing

Your goal is to architect and build a frictionless security environment where the secure path is the easiest path for our developers.

• Architect Automated Security Pipelines: Partner with the Platform team to design and implement advanced automated security controls (SAST DAST SCA) within our CI/CD pipelines providing engineers with rapid high-fidelity feedback.

• Infrastructure and Policy as Code: You will guide the security architecture for our AWS environment by treating infrastructure as software enabling secure and scalable deployments and ensure automated compliance.

• Threat Detection Engineering: Engineer advanced threat detection capabilities by integrating platform logs and event data (including RabbitMQ) into our SIEM (Google Security Operations). You will develop and tune YARA-L rules to proactively identify and respond to threats.

• Collaborative Design and Threat Modelling: Partner with engineering squads during the design phase of new features facilitating collaborative threat modelling sessions to build security in from the start.

• Developer Enablement: Create feedback loops that deliver security insights directly into developer workflows (e.g. automated PR comments) enabling teams to self-remediate and learn continuously.

What You Will Bring

We are looking for a pragmatic architect who combines technical expertise with a passion for enabling engineering excellence. You do not need to meet every single point below to apply. If you are passionate about security automation and modern AI-driven engineering practices we want to hear from you.

Core Skills and Experience

• Cloud Security Architecture: Experience designing secure scalable architectures on cloud platforms. (We use AWS but if you have strong experience in GCP or Azure we are happy to support your transition).

• Infrastructure as Code: Experience securing Terraform codebases and building secure modules for other teams to use.

• CI/CD Orchestration: Experience with modern pipelines (e.g. CircleCI GitHub Actions or GitLab) and integrating security steps.

• Automation Engineering: Ability to write script and code (e.g. Python Typescript) to build integrations and tooling.

• Modern Detection Engineering: An interest in or experience with modern detection engineering (e.g. Google Chronicle YARA-L or similar SIEM tools).

• Architecture Patterns: Familiarity with securing API-first and Event-Driven Architectures.

• Incident Response and Operations: Participate in the teams on-call rotation including out-of-hours coverage to support platform availability and security. We strive to keep our rotation sustainable and low-noise to respect your work-life balance. You will assist in troubleshooting critical issues lead the response for security-specific incidents. Crucially we believe in a blameless culture so you will drive post-mortems focused on learning and preventing recurrence

• Ambiguity: You thrive in ambiguous and fast-changing environments and know how to make progress even when requirements are evolving.

Bonus points if you have:

• Experience with automated policy enforcement.

• Familiarity with functional programming concepts or Elixir (our core backend language).

• Familiarity with securing AI/ML pipelines or services.

• Experience implementing SCA (Software Composition Analysis).

• A pragmatic approach: You focus on high-impact security wins that support business agility rather than security for securitys sake.

About Certifications We value practical experience and a willingness to learn over specific acronyms. While certifications like CISSP CISM or AWS Security are a bonus they are not required to join our team.

Benefits

• Time off - 27 days holiday plus 5 additional days off: 1 life event day 2 volunteer days 2 company-wide wellbeing days (M-Powered Weekend) and 8 bank holidays per year

• Health & Wellness- private medical Insurance with Bupa a medical cashback scheme life insurance gym membership & wellness resources through Wellhub and access to Spill - all in one mental health support

• Hybrid work offering - for most roles we collaborate in the office three days per week with the exception of Coaches and Instructors who collaborate in the office once a month

• Work-from-anywhere scheme - youll have the opportunity to work from anywhere up to 10 days per year

• Space to connect: Beyond the desk we make time for weekly catch-ups seasonal celebrations and have a kitchen thats always stocked!

Our Commitment to Diversity Equity and Inclusion

Were an equal opportunities employer. And proud of it. Every applicant and employee is afforded the same opportunities regardless of race colour ancestry religion sex national origin sexual orientation age citizenship marital status disability gender gender identity or expression or veteran status. This will never change. Read our Equality Diversity & Inclusion policy here.

Our Commitment to Safeguarding

Multiverse is committed to safeguarding and promoting the welfare of our learners. We expect all employees to share this commitment and adhere to our Safeguarding Policy our Prevent Policy and all other Multiverse company policies. Successful applicants will be required to undertake at least a Basic check via the Disclosure Barring Service (DBS).

For roles that will involve a Regulated Activity successful applicants must also undergo an Enhanced DBS check including a Childrens Barred List check and a Prohibition Order check. Roles involving Regulated Activity may interact with vulnerable groups therefore are exempt from the Rehabilitation of Offenders Act 1974 meaning applicants are required to declare any convictions cautions reprimands and final warnings.

Providing false information is an offence and could result in the application being rejected or summary dismissal if the applicant has been selected and possible referral to the police and the DBS.

Required Experience:

Staff IC