Senior DevSecOps engineer

Remote-first role within the UK, with quarterly tribe days and occasional off-sites/workshops in Bath, London or Edinburgh.

Seccl is the Octopus-owned embedded investment platform that’s on a mission to helping more people to invest – and invest well.

We’re B-Corp certified with an amazing product-market fit, impressive early traction and the potential to transform an outdated industry, for the better. We've been growing fast and will scale even faster over the next few years.

We’re also proud to be part of Octopus, the £multi billion group that's on a mission to breathe new life into broken industries, through companies like Octopus Energy, Octopus Investments and Octopus Money.

Check out the Seccl website for the latest on our products and our mission to shape the future of investments.

We’re looking for a Senior DevSecOps Engineer to join our DevSecOps team, reporting to the Squad Engineering Manager (SEM) and working closely with product engineering squads and platform teams. The role is Node.js-heavy and initially focused on authentication: completing our migration from a legacy auth system to Auth0, moving M2M clients to Private Key JWT (with client-credentials fallback where needed), and automating customer onboarding (keys/JWKs and SSO enablement). It’s a hands-on opportunity to ship high-impact security work that directly unblocks delivery.

The DevSecOps team partners across the business to make secure-by-default the easiest path - through guardrails, self-service tooling, and CI/CD enablement. We’re a collaborative, remote-first group with clear objectives: land the Auth0 rollout, deprecate legacy auth safely, and introduce scope-based, fine-grained access controls across our API and UI. You’ll help us deliver these programmes while strengthening our platform security posture and accelerating product teams.

• Designing, building, and maintaining production-grade Node.js integrations, CLIs, and automation surrounding our Auth0 identity platform.

• Leading firm-by-firm migrations to Auth0, implementing robust cutover strategies using feature flags, canaries, and detailed rollback plans.

• Architecting and automateing customer onboarding processes, including keypair/CSR handling, JWK publishing, and SSO connection setup.

• Utilising Infrastructure as Code (Terraform) and CI/CD (GitHub Actions) to manage Auth0 configuration and ensure safe, repeatable deployments.

• Implementing comprehensive observability for authentication paths with structured logs, monitoring dashboards, alerts, and SLOs.

• Collaborating closely with product, engineering, and support teams on migration timelines, communications, and incident response.

• Proficiency in Node.js, with proven experience building production services or CLIs with robust testing, error handling, and secure coding practices.

• Strong experience with Infrastructure as Code (Terraform) and CI/CD (GitHub Actions) for automating cloud and identity configurations, including secure secrets management.

• Solid understanding of core AWS services relevant to modern authentication patterns, such as API Gateway, Lambda authorisers, and CloudWatch.

• A commitment to observability, with hands-on experience implementing structured logging, dashboards, and SLOs for critical services.

• Excellent collaboration skills, demonstrated through participation in design reviews, pairing, and writing clear technical documentation (e.g., runbooks, ADRs).

• Experience with enterprise SSO (OIDC/SAML), SCIM provisioning, and proficiency in TypeScript are highly desirable.

• You rely on a lot of top-down direction. Here, you’ll have a lot of freedom and ownership of your role, and you’ll be expected to shape your own progression

• You’re not comfortable working in a fast-paced environment. Our speed and scalability are what set us apart; you need to be able to act quickly and think on your feet

• You struggle to follow through on ideas. We value people who do what they say they will. If you care about something, you have the freedom here to make it happen

• You don’t like change. You’ll get on great here if you relish the ambiguity of rapid growth and are willing to embrace uncertainty

We offer a generous mix of benefits for the things that really matter to our people, including:

🌴 27 days holiday + bank holidays (some can be flexible) + day off on your birthday + three days (full time) per year for Dependant leave

💙 Two volunteering days per year

🌎 Option to work abroad for up to six weeks a year

🌟 Secclbrate - our recognition programme that offers a mix of flexible rewards including extra pay, additional holiday and increased learning budget

🏅 Length of service award – one month paid sabbatical at eight years

✅ 6% employer pension contribution, and life assurance

🏥 Private medical insurance with AXA Health

👪 Enhanced Parental leave

💻 MacBook and up to £500 home office set up budget

📖 £750 per person learning budget

🌻 Health and wellbeing initiatives including free therapy via Wellness Cloud, mental health support via Headspace

🌱 Strong financial wellbeing focus including access to Octopus Money, Octopus Share Incentive Plan and will writing offering via Octopus Legacy

🎁 Perkbox – Flexi-points giving you a range of discounts and perks including free weekly coffee, gym and retail discounts

🚲 Access to initiatives like Cycle to Work and Octopus Electric Vehicle Leasing

We're proud to put people first, creating a culture where we truly listen to what matters most to them. Our transparent and inclusive environment encourages diversity of thought, challenge and experimentation.

Check out our Glassdoor page for the latest reviews or our LinkedIn for company updates and insights from the team.

Interviewing is a two-way thing, and we want you to have the time and opportunity to get to know us, as much as we are getting to know you. Our interviews are conversational, so come with questions and be curious. In general, you can expect the interview process to look a bit like this, (following an initial chat with one of our Talent team):

• Stage 1: Take-Home technical task

• We'll send you a brief technical challenge that reflects the type of work we do. To submit your work, we’ll invite you to a private GitHub repository where you can create a pull request with your changes. We respect your time, so we’ve designed the task to be completed within a 60-90 minute time-box, and you'll have a few days to complete it at your convenience.

• Please don’t worry about creating a perfect, production-ready solution. We use this task as a practical starting point for our technical conversation in the next stage and are most interested in your approach and thought process.

• Stage 2: Technical Discussion & Task Review (60 minutes)

• Stage 3: Bar-raiser culture-based interview (45 minutes)

⏳ We’ll only close this role once we have enough applications for the next stage. Please submit your application as soon as possible to make sure you don’t miss out and you should expect to hear back from us within one to two weeks of applying.

🌈 Our aim is to build a diverse and inclusive company of awesome people, with unique skills, passions and experiences. All applicants will be considered for employment without attention to age, ethnicity, religion, sex, sexual orientation, gender identity, family or parental status, national origin, or veteran, neurodiversity or disability status.

If this sounds like your kind of thing, we encourage you to apply even if you don’t tick every box. We’d love to hear from you!

#LI-VS1 #LI-hybrid #LI-remote