DevSecOps Engineer

Company Description Heatly recently welcomed United Living Group as a majority shareholder. The strategic partnership underpins our future growth by providing the financial strength and industry needed to expand our services and reach. United Living Group's investment enables Heatly to enhance our capabilities, broaden our product scope and accelerate our market expansion efforts with a core focus on the regulatory global decarbonisation of heat, initially through heat pump roll out and with £1.8m of UK Gov development funding already injected.  We have developed a Software as a Service (SaaS) platform that is currently at the MVP stage and is now starting to operationalise and commercialise having gained enterprise “proof of concept” contracts with two of the largest energy companies. Our focus is on delivering net zero emissions from domestic heating which is aligned with the UK government’s ambition.  So far approximately 190+ million heat pumps are installed globally which accounts for only 10% of overall sales and only 20 million of these are in Europe.  There is a significant ‘Total Addressable Market’ (TAM) of over 1.5 million heat pump installs happening every month making our proposition leading edge with significant growth potential. Our SaaS platform utilises cutting edge scanning technology that is operating system agnostic, using these methods heatly is redefining how technology is used to survey and create building digital twins. We require talented people to join our team to turn our MVP into a fully working, scalable technology proposition to deliver our ambition and be first to market.  You will already have worked in a similar startup environment and have a proven track record in delivering, fast, quality and scalable technology platforms, with time pressure to ensure we are first to market. Job Description We are seeking a highly skilled and proactive DevSecOps Engineer. The successful candidate will be responsible for designing, implementing, automating, and managing a CI/CD pipeline for our new SaaS solution.  This role requires expertise in Infrastructure as Code (IaC) and a strong background in security to develop and maintain DevSecOps processes. Key Responsibilities CI/CD Pipeline Design and Implementation: Design and implement CI/CD pipelines: Develop and maintain continuous integration and continuous deployment pipelines to ensure efficient and reliable software delivery. This includes setting up automated build, test, and deployment processes. Automate build, test, and deployment processes: Use tools to automate the entire software delivery lifecycle, ensuring that code changes are automatically tested and deployed to production environments. Monitor and optimise pipeline performance: Continuously improve pipeline efficiency and reliability by identifying and addressing bottlenecks and issues. Implement monitoring tools to track pipeline performance and ensure timely detection of failures. Infrastructure as Code (IaC): Implement IaC practices: Use to define and manage infrastructure as code. This ensures that infrastructure is version-controlled, reproducible, and easily auditable. Automate infrastructure provisioning and management: Ensure that infrastructure is consistently and reliably provisioned, configured, and managed through code. This includes automating the setup of servers, networks, and other infrastructure components. Maintain and update IaC scripts: Regularly review and update IaC scripts to incorporate new requirements and best practices. Ensure that scripts are well-documented and easy to understand for other team members. DevSecOps Processes: Integrate security into the CI/CD pipeline: Implement security checks and controls at every stage of the pipeline to ensure secure software delivery. This includes integrating static code analysis, vulnerability scanning, and compliance checks into the CI/CD process. Develop and maintain DevSecOps processes: Establish and enforce security best practices, including code analysis, vulnerability scanning, and compliance checks. Ensure that security is a shared responsibility across the development and operations teams. Use relevant security tools: Utilise tools to identify and mitigate security vulnerabilities. Regularly update and maintain these tools to ensure they are effective against the latest threats. Code Repository Management: Implement and manage code repositories: Set up and maintain code repositories.  Ensure that repositories are organised, secure, and accessible to the development team. Establish version control processes: Define and enforce version control practices, including branching strategies, code reviews, and merge processes. Ensure that all code changes are tracked and documented. Automate repository management tasks: Use automation tools and scripts to manage repository tasks such as code merging, conflict resolution, and repository clean-up. Monitor repository health and performance: Regularly review repository metrics and logs to ensure optimal performance and security. Address any issues related to repository access, performance, or security promptly. Collaboration and Communication: Work closely with development and operations teams: Collaborate with developers and QA engineers to ensure seamless integration and delivery of software. Facilitate communication and coordination between teams to resolve issues quickly. Provide technical guidance and support: Assist team members with troubleshooting and resolving issues related to the CI/CD pipeline and infrastructure. Offer training and support to help team members adopt best practices. Document processes and procedures: Create and maintain comprehensive documentation for CI/CD pipelines, IaC scripts, and DevSecOps processes. Ensure that documentation is up-to-date and accessible to all team members. Monitoring and Maintenance: Monitor system performance and availability: Implement monitoring tools to ensure the health and performance of the infrastructure and applications. Set up dashboards and alerts to track key metrics and detect issues early. Implement and manage logging and alerting: Set up logging and alerting mechanisms to detect and respond to issues promptly. Ensure that logs are collected, stored, and analysed to provide insights into system performance and security. Perform regular maintenance and updates: Ensure that all systems and tools are up-to-date and functioning optimally. Apply patches and updates to address security vulnerabilities and improve performance. Qualifications Education: Bachelor’s or Master’s degree in Computer Science, Engineering, or a related field. Experience: Proven experience as a DevsecOps Engineer or similar role in a tech start-up or fast-paced environment. Extensive experience with CI/CD pipeline design and implementation. Strong background in Infrastructure as Code (IaC) practices and tools. Solid understanding of security best practices and experience with DevSecOps processes. Technical Skills: Proficiency in CI/CD tools Expertise in IaC tools Experience with containerisation and orchestration tools Familiarity with security tools Knowledge of cloud platforms (e.g., AWS, Azure, Google Cloud). Strong scripting skills MVP is currently built using the following technologies and development languages, PREACT, MYSQL, Docker, .Net6, C#, C++ and Python. Soft Skills: Excellent problem-solving and analytical skills. Strong communication and collaboration abilities. Ability to work in a fast-paced, dynamic environment and manage multiple priorities. Attention to detail and a proactive approach to identifying and addressing issues.  Additional Information Benefits: Company pension scheme  28 days holiday (including bank holidays) Company life insurance and health care scheme Employee benefits package that includes training and development opportunities