Multiverse

DevSecOps Architect

Multiverse

full-time

Posted on:

Location Type: Hybrid

Location: LondonUnited Kingdom

Visit company website

Explore more

AI Apply
Apply

Tech Stack

AWSAzureCloudGoogle Cloud PlatformPythonRabbitMQTerraformTypeScript

About the role

  • Architect Automated Security Pipelines: Partner with the Platform team to design and implement advanced automated security controls (SAST, DAST, SCA) within our CI/CD pipelines, providing engineers with rapid, high-fidelity feedback.
  • Infrastructure and Policy as Code: You will guide the security architecture for our AWS environment by treating infrastructure as software enabling secure and scalable deployments and ensure automated compliance.
  • Threat Detection Engineering: Engineer advanced threat detection capabilities by integrating platform logs and event data (including RabbitMQ) into our SIEM (Google Security Operations). You will develop and tune YARA-L rules to proactively identify and respond to threats.
  • Collaborative Design and Threat Modelling: Partner with engineering squads during the design phase of new features, facilitating collaborative threat modelling sessions to build security in from the start.
  • Developer Enablement: Create feedback loops that deliver security insights directly into developer workflows (e.g., automated PR comments), enabling teams to self-remediate and learn continuously.

Requirements

  • Cloud Security Architecture: Experience designing secure, scalable architectures on cloud platforms. (We use AWS, but if you have strong experience in GCP or Azure, we are happy to support your transition).
  • Infrastructure as Code: Experience securing Terraform codebases and building secure modules for other teams to use.
  • CI/CD Orchestration: Experience with modern pipelines (e.g., CircleCI, GitHub Actions, or GitLab) and integrating security steps.
  • Automation Engineering: Ability to write script and code (e.g., Python, Typescript) to build integrations and tooling.
  • Modern Detection Engineering: An interest in or experience with modern detection engineering (e.g., Google Chronicle, YARA-L, or similar SIEM tools).
  • Architecture Patterns: Familiarity with securing API-first and Event-Driven Architectures.
  • Incident Response and Operations: Participate in the team's on-call rotation, including out-of-hours coverage to support platform availability and security. We strive to keep our rotation sustainable and low-noise to respect your work-life balance. You will assist in troubleshooting critical issues, lead the response for security-specific incidents. Crucially, we believe in a blameless culture, so you will drive post-mortems focused on learning and preventing recurrence.
  • Ambiguity: You thrive in ambiguous and fast-changing environments, and know how to make progress even when requirements are evolving.
Benefits
  • Time off - 27 days holiday, plus 5 additional days off: 1 life event day, 2 volunteer days, 2 company-wide wellbeing days (M-Powered Weekend) and 8 bank holidays per year
  • Health & Wellness- private medical Insurance with Bupa, a medical cashback scheme, life insurance, gym membership & wellness resources through Wellhub and access to Spill - all in one mental health support
  • Hybrid work offering - for most roles we collaborate in the office three days per week with the exception of Coaches and Instructors who collaborate in the office once a month
  • Work-from-anywhere scheme - you'll have the opportunity to work from anywhere, up to 10 days per year
  • Space to connect: Beyond the desk, we make time for weekly catch-ups, seasonal celebrations, and have a kitchen that’s always stocked!
Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
AWSGCPAzureTerraformPythonTypescriptCircleCIGitHub ActionsGitLabYARA-L
Soft Skills
collaborationproblem-solvingadaptabilitycommunicationleadershipincident responseblameless culturefeedback loopscontinuous learningthreat modelling