Sky
DevSecOps Consultant
We believe in better. And we make it happen.
Better content. Better products. And better careers.
Working in Tech, Product or Data at Sky is about building the next and the new. From broadband to broadcast, streaming to mobile, SkyQ to Sky Glass, we never stand still. We optimise and innovate.
We turn big ideas into the products, content and services millions of people love.
And we do it all right here at Sky.
As a DevSecOps Consultant, you will take a more technically involved role in embedding application security across the software development lifecycle (SDLC). You will work closely with engineering, platform, and security teams to design, implement, and operate software security controls, while acting as a trusted technical advisor to development teams.
What you'll do
Own the end-to-end onboarding of approved software security tooling into the SDLC, working directly with engineering teams across design, development, testing, and deployment phases.
Act as a point of contact for application security within product and platform teams, providing guidance on secure design and implementation decisions.
Deliver developer-facing workshops covering software security tooling, secure coding practices, and common vulnerability classes and mitigations.
Drive and implement security automation initiatives to improve coverage, observability, alerting, and operational efficiency within the DevSecOps function.
Develop custom automation tools that follow the “trust-but-verify” model to ensure that technical controls are adhered to across the code estate (e.g. metric reporting, configuration updates, PR scanning, naming conventions).
Own software security activities, including code reviews, dependency risk analysis, and vulnerability triage within Sky’s technology landscape.
Lead or actively contribute to application-level security incident response, including investigation, containment, remediation guidance, and root cause analysis.
Collaborate closely with wider security functions (e.g. Security Remediation, Threat Intelligence, Threat Modelling) to ensure application risks are understood and addressed appropriately.
Support and improve the operation of software security tooling such as SAST, SCA, secrets scanning, and CI/CD security controls.
Contribute to the definition, evolution, and enforcement of security standards, patterns, and guardrails for engineering teams.
Please note: this role is driven by business demand, and participation in out-of-hours support may be required.
What you'll bring
Technical software- or security-related degree (e.g. Computer Science, Computer Engineering, Software Engineering) with a firm baseline in technical computing concepts across software, security, cloud, and development.
Strong understanding of modern software development practices and the full software development lifecycle (SDLC), including all stages from planning to testing and integration.
Knowledge of application security principles and common vulnerability classes (e.g. OWASP Top 10), including practical mitigation strategies.
Hands-on experience with at least one programming or scripting language (e.g. Java, JavaScript, Python) in a production/enterprise environment, with the ability to review and reason about code.
Practical experience integrating, configuring or deploying application security tooling such as Static Application Security Testing (SAST), Software Composition Analysis (SCA), and secrets scanning, and a firm understanding of the different scope of each scan type.
Good understanding of how modern applications are built and deployed, including Source Code Management, APIs, cloud-native architectures, and CI/CD pipelines.
Ability to communicate security concepts clearly and pragmatically to developers and engineering stakeholders.
Strong problem-solving skills, with the ability to investigate security issues independently and recommend proportionate and contextualised solutions.
Proven ability to collaborate effectively across engineering, platform, and security teams in an enterprise environment.
Nice to have: Experience supporting or contributing to security incident response, vulnerability triage, or root cause analysis at the application or vulnerability level.
Team overview
Global Cyber Security – Product Security
Our products, platforms and technologies are constantly evolving. That's why keeping Sky safe from cyber-attacks is one of our top priorities. Our Cyber Security team helps the business grow while protecting our customers, colleagues and partners from increasingly sophisticated cyber threats. Our team includes Cyber Fusion Centre, Security Services, Risk and Compliance, Programme Delivery and Business Security, and we work across the UK, Italy and Germany. Join us and you’ll get involved in tackling challenges and future threats in an ever-changing cyber landscape.
This is an exciting opportunity to join the DevSecOps function at Sky as we continue to scale our platforms and services across streaming, broadcast, and digital products. We are expanding our UK-based DevSecOps capability within the Global Product Security organisation to ensure software security is embedded by default across Sky and Comcast’s engineering estate.
The rewards
There's one thing people can't stop talking about when it comes to #LifeAtSky: the perks. Here’s a taster:
- Sky Q, for the TV you love all in one place
- The magic of Sky Glass at an exclusive rate
- A generous pension package
- Private healthcare
- Discounted mobile and broadband
- A wide range of Sky VIP rewards and experiences
Inclusion & how you'll work
We are a Disability Confident Employer, and welcome and encourage applications from all candidates. We will look to ensure a fair and consistent experience for all, and will make reasonable adjustments to support you where appropriate. Please flag any adjustments you need to your recruiter as early as you can.
We’ve embraced hybrid working and split our time between unique office spaces and the convenience of working from home. You’ll find out more about what hybrid working looks like for your role later on in the recruitment process.
Your office space
Osterley
Our Osterley Campus is a 10-minute walk from Syon Lane train station. Or you can hop on one of our free shuttle buses that run to and from Osterley, Gunnersbury, Ealing Broadway and South Ealing tube stations. There are also plenty of bike shelters and showers.
On campus, you’ll find 13 subsidised restaurants, cafes, and a Waitrose. You can keep in shape at our subsidised gym, catch the latest shows and movies at our cinema, get your car washed, and even get pampered at our beauty salon.
Brick Lane
Brick Lane is in the heart of the East End of London. It's part of a vibrant and diverse community, close to street food, cafes and shops. The closest tube station is Aldgate East, and Liverpool Street is about a 10-minute walk.
We'd love to hear from you
Inventive, forward-thinking minds come together to work in Tech, Product and Data at Sky. It’s a place where you can explore what if, how far, and what next.
But better doesn’t stop at what we do, it’s how we do it, too. We embrace each other’s differences. We support our community and contribute to a sustainable future for our business and the planet.
If you believe in better, we’ll back you all the way.
Just so you know: if your application is successful, we’ll ask you to complete a criminal record check. And depending on the role you have applied for and the nature of any convictions you may have, we might have to withdraw the offer.