Job Description
Welcome to Haleon. We’re a purpose-driven, world-class consumer company putting everyday health in the hands of millions. In just three years since our launch, we’ve grown, evolved and are now entering an exciting new chapter – one filled with bold ambitions and enormous opportunity.
Our trusted portfolio of brands – including Sensodyne®, Panadol®, Advil®, Voltaren®, Theraflu®, Otrivin®, and Centrum® – lead in resilient and growing categories. What sets us apart is our unique blend of deep human understanding and trusted science.
Now it’s time to realise the full potential of our business and our people. We do this through our Win as One strategy. It puts our purpose – to deliver better everyday health with humanity – at the heart of everything we do. It unites us, inspires us, and challenges us to be better every day, driven by our agile, performance-focused culture.
About the role
We are seeking a highly skilled and hands-on DevSecOps Engineer to support and evolve our enterprise DevSecOps ecosystem. In this role, you will be part of the governance, engineering, and continuous improvement of our developer platforms, CI/CD pipelines, security tooling, and cloud-native infrastructure. You will work closely with Cloud, Security, Platform Engineering, and Product teams to ensure that our engineering workflows remain secure, scalable, and compliant across a global, highly regulated environment.
Key responsibilities
- Administer and optimize GitHub Enterprise Cloud / GitHub Enterprise Server, Azure DevOps, SonarQube, Datadog SAST, and Docker Desktop at enterprise scale.
- Define and enforce organization-wide governance, including branch protection, repository standards, permissions, audit logging, SSO/SCIM, and GitHub Actions / ADO runner governance (managed vs. self-hosted, isolation, patching).
- Implement and manage GitHub Advanced Security features such as CodeQL, Dependabot, and secret scanning with push protection, and integrate SAST, SCA, DAST, IaC scanning, and artifact signing into pipelines.
- Support evaluation, onboarding, and migration of next-gen security tools (e.g., Datadog Code Security) and migration strategies (e.g., SonarQube → Datadog POCs).
- Govern security across CI/CD pipelines in GitHub Actions and Azure DevOps, ensuring secure release workflows, multistage approvals, environment protections, and quality gates.
- Support teams in designing and deploying secure applications on Azure, ensuring alignment with cloud security best practices.
- Implement IaC best practices using Terraform Cloud/Native Terraform, including policy checks, workspace governance, remote backends, and drift detection.
- Maintain hardened Docker base images, enforce secure container usage, and ensure compliance across AKS and ACR environments.
- Build actionable dashboards, alerts, and audit-ready evidence pipelines for observability and compliance.
- Provide L3 operational support for DevSecOps platforms, including handling escalations and resolving complex incidents.
- Track and publish DevSecOps adoption, security posture metrics, and platform coverage insights.
- Lead remediation sprints, POCs, platform upgrades, migrations, maintenance activities, and broader architectural improvements.
- Collaborate closely with Cloud, Security, Platform Engineering, and Product teams to address cross-functional engineering challenges.
- Drive improvements in developer productivity and experience through self-service infrastructure provisioning, developer portals, and Internal Developer Platform (IDP) capabilities.
- Enable and support standardized development workflows to improve onboarding, consistency, and delivery efficiency across teams.
- Work within Agile delivery models, actively participating in sprint planning, backlog refinement, daily stand-ups, sprint reviews, and retrospectives.
- Support and leverage Azure-native engineering capabilities including AKS, Azure Functions, Azure DevOps, GitHub Actions, Azure Developer CLI (azd), and Terraform (AzureRM).
Qualifications and skills
Essential
- Strong hands-on experience administering GitHub Enterprise, GitHub Advanced Security, Azure DevOps, and enterprise CI/CD pipelines.
- Solid understanding of Azure cloud services, Entra ID (IAM), network security, least privilege principles, and secure workload design.
- Proven expertise in SAST, SCA, secret scanning, vulnerability triage, and governance workflows.
- Experience securing and operating Azure Kubernetes Service (AKS), ACR, and containerized applications.
- Proficiency in Terraform, Terraform Cloud, module development, policy enforcement, and remote backends.
- Strong scripting skills in YAML, Bash, and PowerShell (Python and JavaScript proficiency expected).
- Proficient in coding using Python and JavaScript to support automation, security tooling integration, and developer workflows.
- Strong understanding of coding standards aligned to SDLC best practices, including software compliance and secure coding standards.
- Experience working with SaaS platforms and strong understanding of platform security and integration patterns.
- Good to have exposure to DaaS platforms, particularly MongoDB Atlas.
- Ability to troubleshoot complex CI/CD, pipeline, GitHub/ADO, or container security issues end to end.
- Strong analytical thinking, communication skills, and experience working in global, multi-region, regulated environments.
Preferred
- Microsoft Certified: Azure DevOps Expert, CKAD, or equivalent certifications.
Job Posting End Date
2026-06-30
Equal Opportunities
Haleon are committed to mobilising our purpose in a way that represents the diverse consumers and communities who rely on our brands every day. It guides us in creating an inclusive culture, where different backgrounds and views are valued and respected – all in support of understanding and best serving the needs of our consumers and unleashing the full potential of our people. It’s important to us that Haleon is a place where all our employees feel they truly belong.
During the application process, we may ask you to share some personal information, which is entirely voluntary. This information ensures we meet certain regulatory and reporting obligations and supports the development, refinement, and execution of our inclusion and belonging programmes that are open to all Haleon employees.
The personal information you provide will be kept confidential, used only for legitimate business purposes, and will never be used in making any employment decisions, including hiring decisions.
Adjustment or Accommodations Request
If you require a reasonable adjustment or accommodation or other assistance to apply for a job at Haleon at any stage of the application process, please let your recruiter know by providing them with a description of specific adjustments you are requesting. We’ll provide all reasonable adjustments to support you throughout the recruitment process and treat all information you provide us in confidence.
Note to candidates
The Haleon recruitment team will contact you using a Haleon email account (@haleon.com). If you are not sure whether the email you received is from Haleon, please get in touch.
