Senior DevSecOps Engineer

Job Description

Location: Remote

Salary: £75,000 - £85,000

About us

At Arbor, we’re on a mission to transform the way schools work for the better. 

We believe in a future of work in schools where being challenged doesn’t mean being burnt out and overworked. Where data guides progress without overwhelming staff. And where everyone working in a school is reminded why they got into education every day. 

Our MIS and school management tools are already making a difference in over 12,000 schools and trusts. Giving time and power back to staff, turning data into clear, actionable insights, and supporting happier working days. 

At the heart of our brand is a recognition that the challenges schools face today aren’t just about efficiency, outputs and productivity - but about creating happier working lives for the people who drive education everyday: the staff. We want to make schools more joyful places to work, as well as learn. 

About the role

We are looking for an experienced and diligent Senior DevSecOps Engineer to join our DevSecOps team and help us secure the resilience, integrity, and performance of the Arbor platform as it scales — including the AI-enabled systems and developer tooling now central to how we build and operate. The remit and focus of the role is to combine deep security engineering with a secure-by-design mindset, using metrics, automation, and threat modelling to drive measurable improvements. Working closely with architecture, platform, and engineering teams, you will continuously harden our infrastructure, our software supply chain, and the AI systems and agents increasingly embedded across our products and workflows. It’s a broad and exciting role, so we’re looking for someone up for a challenge - if you’re a collaborative and security conscious candidate, this is the role for you.

Core responsibilities

• Collaborate with stakeholders to pinpoint security enhancements across platform architecture and infrastructure, devising and executing strategic plans for implementation
• Work closely with the Platform team to embed robust security processes, controls, and tooling across all system components
• Threat model new and existing systems — including AI/LLM-enabled features and agentic workflows — and translate findings into prioritised, actionable work
• Strengthen our software supply chain: dependency and base-image hygiene, SBOM generation, artefact signing and provenance, and the pinning of third-party actions and packages
• Secure the use of AI across the SDLC, ensuring agentic coding tools, assistants, and MCP integrations operate within safe, well-scoped, and auditable boundaries
• Contribute to the evolution of deployment frameworks, emphasising security, deployment speed, and system stability
• Elevate platform security through strong secrets management and the safe handling of sensitive information
• Play an active role in incident response, resolution, and blameless post-mortems, facilitating continuous improvement
• Participate in knowledge-sharing initiatives, including tech-talks and team-based learning sessions
• Maintain meticulous, current documentation — playbooks, runbooks, and comprehensive systems documentation — to facilitate knowledge dissemination

Requirements

About you

• Extensive experience in cyber security and associated engineering practices
• Vulnerability management and remediation at scale
• Proven track record in DevOps / DevSecOps engineering within large-scale platforms
• Proficiency in distributed cloud systems, particularly Amazon Web Services
• Expertise in Infrastructure as Code (IaC) tooling such as Terraform and CloudFormation
• Experience with languages such as PHP, Bash, or Python
• Experience with Docker and containerisation, with a working understanding of container and runtime security
• Software supply-chain security: SBOMs, dependency scanning, and artefact signing / provenance (e.g. SLSA, Sigstore)
• Secrets management and detection (e.g. Vault, cloud-native secret stores, secret-scanning in CI)
• Security tooling across the SDLC: SAST, DAST, SCA, IaC scanning, and container scanning (e.g. Snyk, Trivy)
• Policy-as-code and guardrails (e.g. OPA / Conftest), with an identity-centric / zero-trust approach to access
• Familiarity with monitoring and detection tooling like DataDog, Prometheus, or similar platforms
• A proactive problem-solving attitude coupled with strong teamwork and communication skills
• Exceptional proficiency in written and spoken English to effectively articulate ideas and concepts

AI security and safe AI usage

• Practical understanding of AI/LLM security risks and their mitigations — e.g. prompt injection, jailbreaks, insecure output handling, sensitive-data leakage, and excessive agency (aligned to the OWASP Top 10 for LLM Applications)
• Experience securing AI-assisted and agentic development tooling: scoping permissions, sandboxing, logging and audit, and preventing secret or data exfiltration through AI agents and MCP servers
• Familiarity with AI threat modelling and adversarial techniques (e.g. MITRE ATLAS) and with conducting or supporting AI-aware red teaming
• Awareness of AI governance and assurance frameworks (e.g. NIST AI RMF, ISO/IEC 42001) and how they intersect with data-protection obligations for a multi-tenant platform handling children's data
• Confident, responsible use of AI tooling to accelerate security work — triage, detection engineering, code review, and documentation — while understanding and accounting for its limitations

Bonus skills

• Past experience with enterprise solutions running at scale
• Familiarity with kanban and agile development processes
• Familiarity with software best practices such as Refactoring, Clean Code, Domain-Driven Design, Test-Driven Development, etc.
• Experience with compliance frameworks relevant to EdTech (e.g. NIST CSF, ISO 27001, SOC 2, UK GDPR)
• Relevant certifications (e.g. AWS Security Specialty, OSCP, or AI security / governance credentials)

Benefits

What we offer

The chance to work alongside a team of hard-working, passionate people in a role where you’ll see the impact of your work everyday. We also offer:

• A dedicated wellbeing team who champion initiatives such as mindfulness, lunch n learns, manager training, mental health first aid training and much more!
• 32 days holiday (plus Bank Holidays). This is made up of 25 days annual leave plus 7 extra company wide days given over Easter, Summer & Christmas
• Life Assurance paid out at 3x annual salary
• Comprehensive wellness benefit provided by AIG Smart Health, which provides a 24/7 virtual GP service, Mental health support, Counselling, and personalised Health Checks 
• Private Dental Insurance with Bupa 
• Salary sacrifice Pension provided by Scottish Widows
• Enhanced maternity and adoption leave (20 weeks full pay) and paternity (6 weeks full pay) pay
• 5 free return to work maternity coaching sessions, helping you adapt to this new exciting time of life!
• Access to services such as Calm and Bippit (financial wellbeing coaching) 
• All of our roles champion flexible working and we are happy to discuss what this means to you
• Social committees that plan team, office and company wide events to bring people together and celebrate success
• Dedicated professional development training budget (CPD courses, upskilling resources, professional memberships etc)
• Volunteer with a charity of your choice for a day each year
• Dog friendly offices!

Interview process

1. Phone screen
2. 1st stage
3. 2nd stage

We are committed to a fair and comfortable recruitment process, so if you require any reasonable adjustments during your application or interview process, please reach out to a member of the team at [email protected].

Our commitment is also backed by our partnership with Neurodiversity Consultancy, Lexxic who provide us with training, support and advice. 

Arbor Education is an equal opportunities organisation

Our goal is for Arbor to be a workplace which represents, celebrates and supports people from all backgrounds, and which gives them the tools they need to thrive - whatever their ambitions may be so we support and promote diversity and equality, and actively  encourage applications from people of all backgrounds. 

Refer a friend 

Know someone else who would be good for this role? You can refer a friend, family member or colleague, if they are offered a role with Arbor, we will say thank you with a voucher valued up to £200! Simply email: [email protected] 

Please note: We are unable to provide visa sponsorship at this time.