Senior DevSecOps Engineer

Position Description:

At CGI we are shaping secure digital platforms that power critical services and deliver measurable outcomes for our clients. As a Security Engineer you will play a vital role in embedding security across the DevOps lifecycle ensuring solutions are resilient compliant and designed to scale. We integrate security from the outset combining automation innovation and collaboration to protect systems while enabling rapid delivery. You will join a culture where ownership is encouraged ideas are valued and expertise drives real impact. Together we build secure high-performing platforms that safeguard data strengthen trust and support long-term transformation.

CGI was recognised in the Sunday Times Best Places to Work List 2025 and has been named a UK Best Employer by the Financial Times. We offer a competitive salary excellent pension private healthcare plus a share scheme (3.5% 3.5% matching) which makes you a CGI Partner not just an employee. We are committed to inclusivity building a genuinely diverse community of tech talent and inspiring everyone to pursue careers in our sector including our Armed Forces and are proud to hold a Gold Award in recognition of our support of the Armed Forces Corporate Covenant. Join us and youll be part of an open friendly community of experts. Well train and support you in taking your career wherever you want it to go.

Due to the secure nature of the programme you will need to hold UK Security Clearance (SC) or be eligible to obtain clearance as part of onboarding. This is a remote role with occasional travel to London or surrounding offices.

Your future duties and responsibilities:

In this role you will embed security at the heart of our DevOps software development lifecycle ensuring applications platforms and pipelines are secure by design. You will take ownership of security controls across cloud containerised and virtualised environments integrating automated testing and compliance checks that enable teams to deliver at pace without compromising resilience. Working closely with platform and software engineers you will act as a trusted security partner translating risk into practical actionable controls that drive measurable improvement.

You will continuously enhance our DevSecOps capabilities strengthening vulnerability management monitoring and incident response processes. With the backing of experienced colleagues and central security teams you will contribute ideas refine tooling and champion best practice across engineering communities helping to build a proactive and sustainable security posture.

Key responsibilities:

Lead & Embed Secure Design: Champion secure-by-design principles across applications platforms and CI/CD pipelines.
Automate & Validate Controls: Integrate SAST DAST SCA and policy-as-code into pipelines to ensure continuous security assurance.
Manage & Mitigate Risk: Identify triage prioritise and track vulnerabilities through to remediation.
Strengthen Cloud & Platform Security: Secure cloud services container platforms IAM and secrets management using least-privilege models.
Monitor & Respond: Support security monitoring logging alerting and incident response activities.
Collaborate & Influence: Partner with engineering and assurance teams to translate security requirements into effective technical solutions.
Improve & Innovate: Enhance automation tooling and processes to reduce risk and drive continuous improvement.

Required qualifications to be successful in this role:

To succeed you will bring strong experience in security engineering or DevSecOps within Agile environments with a clear understanding of how to embed security throughout the DevOps SDLC. You will combine technical depth in cloud and pipeline security with the ability to communicate risk clearly and influence diverse stakeholders.

You should have:

Proven experience in Security Engineering DevSecOps or DevOps-focused security roles.
Strong knowledge of vulnerability management and tools such as SAST DAST and SCA.
Experience securing cloud platforms (e.g. Azure) virtualised and containerised environments.
Familiarity with CI/CD tools (e.g. Azure DevOps Jenkins) and version control (Git).
Understanding of Infrastructure as Code (e.g. Terraform ARM Bicep) and configuration management.
Knowledge of security frameworks and threat modelling approaches (e.g. OWASP CIS STRIDE).
Scripting or automation skills (e.g. PowerShell Bash).
Experience working in Agile teams using tools such as Jira and Confluence.

#LI-JW1

Skills:

• DevOps
• GIT
• GIT
• Identity and Access Mgt (IAM)
• Network Security
• Public Cloud Security
• Linux

What you can expect from us:

Together as owners lets turn meaningful insights into action.

Life at CGI is rooted in ownership teamwork respect and belonging. Here youll reach your full potential because

You are invited to be an owner from day 1 as we work together to bring our Dream to life. Thats why we call ourselves CGI Partners rather than employees. We benefit from our collective success and actively shape our companys strategy and direction.

Your work creates value. Youll develop innovative solutions and build relationships with teammates and clients while accessing global capabilities to scale your ideas embrace new opportunities and benefit from expansive industry and technology expertise.

Youll shape your career by joining a company built to grow and last. Youll be supported by leaders who care about your health and well-being and provide you with opportunities to deepen your skills and broaden your horizons.

Come join our teamone of the largest IT and business consulting services firms in the world.