About the role

DevSecOps Architect joining Multiverse's Information Security team to build automation for secure code delivery. Advocate for security practices by collaborating with engineering teams to ensure secure product development.

Responsibilities

Architect Automated Security Pipelines: Partner with the Platform team to design and implement advanced automated security controls (SAST, DAST, SCA) within our CI/CD pipelines, providing engineers with rapid, high-fidelity feedback.
Infrastructure and Policy as Code: You will guide the security architecture for our AWS environment by treating infrastructure as software enabling secure and scalable deployments and ensure automated compliance.
Threat Detection Engineering: Engineer advanced threat detection capabilities by integrating platform logs and event data (including RabbitMQ) into our SIEM (Google Security Operations). You will develop and tune YARA-L rules to proactively identify and respond to threats.
Collaborative Design and Threat Modelling: Partner with engineering squads during the design phase of new features, facilitating collaborative threat modelling sessions to build security in from the start.
Developer Enablement: Create feedback loops that deliver security insights directly into developer workflows (e.g., automated PR comments), enabling teams to self-remediate and learn continuously.

Cloud Security Architecture: Experience designing secure, scalable architectures on cloud platforms. (We use AWS, but if you have strong experience in GCP or Azure, we are happy to support your transition).
Infrastructure as Code: Experience securing Terraform codebases and building secure modules for other teams to use.
CI/CD Orchestration: Experience with modern pipelines (e.g., CircleCI, GitHub Actions, or GitLab) and integrating security steps.
Automation Engineering: Ability to write script and code (e.g., Python, Typescript) to build integrations and tooling.
Modern Detection Engineering: An interest in or experience with modern detection engineering (e.g., Google Chronicle, YARA-L, or similar SIEM tools).
Architecture Patterns: Familiarity with securing API-first and Event-Driven Architectures.
Incident Response and Operations: Participate in the team's on-call rotation, including out-of-hours coverage to support platform availability and security. We strive to keep our rotation sustainable and low-noise to respect your work-life balance. You will assist in troubleshooting critical issues, lead the response for security-specific incidents. Crucially, we believe in a blameless culture, so you will drive post-mortems focused on learning and preventing recurrence.
Ambiguity: You thrive in ambiguous and fast-changing environments, and know how to make progress even when requirements are evolving.

Time off - 27 days holiday, plus 5 additional days off: 1 life event day, 2 volunteer days, 2 company-wide wellbeing days (M-Powered Weekend) and 8 bank holidays per year
Health & Wellness- private medical Insurance with Bupa, a medical cashback scheme, life insurance, gym membership & wellness resources through Wellhub and access to Spill - all in one mental health support
Hybrid work offering - for most roles we collaborate in the office three days per week with the exception of Coaches and Instructors who collaborate in the office once a month
Work-from-anywhere scheme - you'll have the opportunity to work from anywhere, up to 10 days per year
Space to connect: Beyond the desk, we make time for weekly catch-ups, seasonal celebrations, and have a kitchen that’s always stocked!