Role Description We are looking for an experienced and diligent Senior DevSecOps Engineer to join our DevSecOps team and help us secure the resilience, integrity, and performance of the Arbor platform as it scales — including the AI-enabled systems and developer tooling now central to how we build and operate. The remit and focus of the role is to combine deep security engineering with a secure-by-design mindset, using metrics, automation, and threat modelling to drive measurable improvements. Working closely with architecture, platform, and engineering teams, you will continuously harden our infrastructure, our software supply chain, and the AI systems and agents increasingly embedded across our products and workflows. - Collaborate with stakeholders to pinpoint security enhancements across platform architecture and infrastructure, devising and executing strategic plans for implementation. - Work closely with the Platform team to embed robust security processes, controls, and tooling across all system components. - Threat model new and existing systems — including AI/LLM-enabled features and agentic workflows — and translate findings into prioritised, actionable work. - Strengthen our software supply chain: dependency and base-image hygiene, SBOM generation, artefact signing and provenance, and the pinning of third-party actions and packages. - Secure the use of AI across the SDLC, ensuring agentic coding tools, assistants, and MCP integrations operate within safe, well-scoped, and auditable boundaries. - Contribute to the evolution of deployment frameworks, emphasising security, deployment speed, and system stability. - Elevate platform security through strong secrets management and the safe handling of sensitive information. - Play an active role in incident response, resolution, and blameless post-mortems, facilitating continuous improvement. - Participate in knowledge-sharing initiatives, including tech-talks and team-based learning sessions. - Maintain meticulous, current documentation — playbooks, runbooks, and comprehensive systems documentation — to facilitate knowledge dissemination. Qualifications - Extensive experience in cyber security and associated engineering practices. - Vulnerability management and remediation at scale. - Proven track record in DevOps / DevSecOps engineering within large-scale platforms. - Proficiency in distributed cloud systems, particularly Amazon Web Services. - Expertise in Infrastructure as Code (IaC) tooling such as Terraform and CloudFormation. - Experience with languages such as PHP, Bash, or Python. - Experience with Docker and containerisation, with a working understanding of container and runtime security. - Software supply-chain security: SBOMs, dependency scanning, and artefact signing / provenance (e.g. SLSA, Sigstore). - Secrets management and detection (e.g. Vault, cloud-native secret stores, secret-scanning in CI). - Security tooling across the SDLC: SAST, DAST, SCA, IaC scanning, and container scanning (e.g. Snyk, Trivy). - Policy-as-code and guardrails (e.g. OPA / Conftest), with an identity-centric / zero-trust approach to access. - Familiarity with monitoring and detection tooling like DataDog, Prometheus, or similar platforms. - A proactive problem-solving attitude coupled with strong teamwork and communication skills. - Exceptional proficiency in written and spoken English to effectively articulate ideas and concepts. - AI security and safe AI usage. - Practical understanding of AI/LLM security risks and their mitigations — e.g. prompt injection, jailbreaks, insecure output handling, sensitive-data leakage, and excessive agency (aligned to the OWASP Top 10 for LLM Applications). - Experience securing AI-assisted and agentic development tooling: scoping permissions, sandboxing, logging and audit, and preventing secret or data exfiltration through AI agents and MCP servers. - Familiarity with AI threat modelling and adversarial techniques (e.g. MITRE ATLAS) and with conducting or supporting AI-aware red teaming. - Awareness of AI governance and assurance frameworks (e.g. NIST AI RMF, ISO/IEC 42001) and how they intersect with data-protection obligations for a multi-tenant platform handling children's data. - Confident, responsible use of AI tooling to accelerate security work — triage, detection engineering, code review, and documentation — while understanding and accounting for its limitations. Bonus Skills - Past experience with enterprise solutions running at scale. - Familiarity with kanban and agile development processes. - Familiarity with software best practices such as Refactoring, Clean Code, Domain-Driven Design, Test-Driven Development, etc. - Experience with compliance frameworks relevant to EdTech (e.g. NIST CSF, ISO 27001, SOC 2, UK GDPR). - Relevant certifications (e.g. AWS Security Specialty, OSCP, or AI security / governance credentials). Benefits - The chance to work alongside a team of hard-working, passionate people in a role where you’ll see the impact of your work every day. - A dedicated wellbeing team who champion initiatives such as mindfulness, lunch n learns, manager training, mental health first aid training and much more! - 32 days holiday (plus Bank Holidays). This is made up of 25 days annual leave plus 7 extra company-wide days given over Easter, Summer & Christmas. - Life Assurance paid out at 3x annual salary. - Comprehensive wellness benefit provided by AIG Smart Health, which provides a 24/7 virtual GP service, Mental health support, Counselling, and personalised Health Checks. - Private Dental Insurance with Bupa. - Salary sacrifice Pension provided by Scottish Widows. - Enhanced maternity and adoption leave (20 weeks full pay) and paternity (6 weeks full pay) pay. - 5 free return to work maternity coaching sessions, helping you adapt to this new exciting time of life! - Access to services such as Calm and Bippit (financial wellbeing coaching). - All of our roles champion flexible working and we are happy to discuss what this means to you. - Social committees that plan team, office and company-wide events to bring people together and celebrate success. - Dedicated professional development training budget (CPD courses, upskilling resources, professional memberships etc). - Volunteer with a charity of your choice for a day each year. - Dog friendly offices! Interview Process - Phone screen. - 1st stage. - 2nd stage.

• Technical and disciplinary responsibility for an experienced team of Cloud & DevOps Engineers, including project coordination and resource planning • You will spend at least 60% of your time directly on client projects — through architecture, technical design, or implementation for public-sector clients • Support with tenders and proposals as well as technical support in presales discussions • Active development of your team members — both professionally and personally • Strategic involvement in shaping ARES's growth

• Provide solutions to customers to make them successful using our products. • Troubleshoot customer environments and engage in active triaging with customers • Participate in on-call rotation for weekend coverage • Provide feedback to the product development teams on customer needs and pain points. • Build out our monitoring and alerting systems. • Build and maintain automation to ensure daily operational tasks are handled as efficiently as possible. • Help direct the architecture of the products and contribute where possible. • Own the customer experience, working directly with customers to prioritize and solve issues, meet SLAs, and provide “white glove” guidance on the path to production. • Participate remotely within a fully distributed team. • Enhance and enrich customer documentation • Work with the latest technology and multi-cloud implementations

• Configure, deploy, and maintain security tools across cloud-native environments. • Integrate security tooling into existing software development and deployment workflows. • Partner with engineering teams to implement security best practices throughout the software development lifecycle. • Manage and optimize security controls within AWS cloud environments and Kubernetes clusters. • Maintain and improve application, infrastructure, and container security posture. • Implement automated security scanning, monitoring, alerting, and remediation processes. • Support compliance, vulnerability management, and incident response efforts. • Continuously evaluate and introduce new security technologies and practices to strengthen platform security.