DevSecOps Process

Overview We are seeking an experienced DevSecOps Principal Engineer with 15+ years of expertise to lead and shape our DevSecOps strategy, processes, and tools. This senior role combines deep technical knowledge with strategic leadership in both process optimization and tool selection and implementation. As a key player in our engineering leadership team, you will drive the vision for DevSecOps across the organization, ensuring continuous improvement, automation, security, and scalability in software delivery pipelines. Responsibilities - Strategy Development: Define and execute a comprehensive DevSecOps strategy that aligns with organizational goals and industry best practices. - Process Optimization: Analyze current development and operational processes to identify opportunities for integrating security practices. Develop and implement standardized DevSecOps processes globally. - Metrics & Reporting: Establish key performance indicators (KPIs) and metrics to measure the effectiveness of DevSecOps initiatives. Create dashboards and reports to communicate progress to stakeholders. - Collaboration: Work closely with development, operations, security, and compliance teams to promote a shared responsibility model for security. - Tooling & Automation: Identify and implement tools that facilitate the integration of security into CI/CD pipelines and other automation processes. - Continuous Improvement: Foster a culture of continuous improvement through regular assessments, feedback loops, and adaptation of processes based on evolving threats and organizational needs. - Standardization of CICD pipeline: Define global template for CICDCT to enable stage gates for multiple sections in the SDLC to shift left testing for code quality, security and ensures consistent, efficient, and scalable build and release processes across all projects, reducing errors and simplifying maintenance. - Tool Strategy Development: Lead the strategy for selecting and implementing DevSecOps tools across the organization, ensuring alignment with business objectives and security requirements. Manage the architecture of the tools and continuously improve the ALM of the tools. - Enterprise Architecture Collaboration: Work with enterprise architects to ensure that DevSecOps tools and processes align with overall architectural frameworks and strategies. - Process Improvement: Analyze current workflows and tools to identify gaps and opportunities for optimization, recommending new tools and processes as needed. - Stakeholder Engagement: Collaborate with cross-functional teams, including development, operations, security, and compliance, to drive the adoption of DevSecOps practices. - Governance: Establish and track metrics to evaluate the effectiveness of DevSecOps tools and processes, providing insights and recommendations for continuous improvement. - Training & Awareness: Develop training programs and materials to raise awareness of DevSecOps principles and practices across the organization. Qualifications Education : Bachelors in Computer Science, Information Technology. Masters preferred. Experience : - 10+ years of experience in Software development, DevSecOps and security roles. - 5+ years of experience in a leadership or architect role focusing on DevSecOps Technical Skills: - Strong understanding of software development methodologies (Agile, DevSecOps). - Strong understanding of enterprise architecture principles and frameworks - Strong understanding on system administration, tools lifecycle management, integration framework, basic networking & database administration - Proficiency in CI/CD tools – Azure DevOps, GitHub Enterprise - Familiarity with containerization and orchestration tools (e.g., Docker, Kubernetes). - Strong understanding on CICD flow for multiple technology stacks in build & deployment phase. - Proficient in scripting language : python/PowerShell and YAML (Azure DevOps, GitHub) - Must have hands on development experience in JAVA or .NET. - Experience with cloud platforms (AWS, Azure, GCP) and their security practices. - Hands on knowledge on security tools (e.g., SAST, DAST, container security, IAM solutions). - Hands on knowledge in tools for dependency management – Jfrog Artifactory - Hands on knowledge in Code Coverage Tool – SonarQube - Proficiency in container based blue green deployment strategy – AKS, GitOps, Argo CD - Proficiency in DevSecOps KPIs and Metrics i.e. Escape Defects, Change Failure Rates, Deployment Frequency etc. - Proficiency in setting up governance framework for DevSecOps process - Familiarity with infrastructure as code (e.g., Terraform, CloudFormation) and configuration management tools (e.g., Ansible, Puppet). - Familiarity with IAAS, PAAS and SAAS architecture with inbound/outbound network flow. Soft Skills: - Excellent communication and interpersonal skills. - Strong analytical and problem-solving abilities. - Proven ability to work in a collaborative, fast-paced environment. - Proven leadership skills and the ability to drive initiatives across the organization. Preferred Skills: - Familiarity with agile methodologies and practices. - Experience with automation and orchestration in a DevSecOps context. - Familiarity with compliance standards - Experience in developing and implementing security policies and frameworks. - Experience in implementing enterprise level metrics for DevSecOps. Education : Bachelors in Computer Science, Information Technology. Masters preferred. Experience : - 10+ years of experience in Software development, DevSecOps and security roles. - 5+ years of experience in a leadership or architect role focusing on DevSecOps Technical Skills: - Strong understanding of software development methodologies (Agile, DevSecOps). - Strong understanding of enterprise architecture principles and frameworks - Strong understanding on system administration, tools lifecycle management, integration framework, basic networking & database administration - Proficiency in CI/CD tools – Azure DevOps, GitHub Enterprise - Familiarity with containerization and orchestration tools (e.g., Docker, Kubernetes). - Strong understanding on CICD flow for multiple technology stacks in build & deployment phase. - Proficient in scripting language : python/PowerShell and YAML (Azure DevOps, GitHub) - Must have hands on development experience in JAVA or .NET. - Experience with cloud platforms (AWS, Azure, GCP) and their security practices. - Hands on knowledge on security tools (e.g., SAST, DAST, container security, IAM solutions). - Hands on knowledge in tools for dependency management – Jfrog Artifactory - Hands on knowledge in Code Coverage Tool – SonarQube - Proficiency in container based blue green deployment strategy – AKS, GitOps, Argo CD - Proficiency in DevSecOps KPIs and Metrics i.e. Escape Defects, Change Failure Rates, Deployment Frequency etc. - Proficiency in setting up governance framework for DevSecOps process - Familiarity with infrastructure as code (e.g., Terraform, CloudFormation) and configuration management tools (e.g., Ansible, Puppet). - Familiarity with IAAS, PAAS and SAAS architecture with inbound/outbound network flow. Soft Skills: - Excellent communication and interpersonal skills. - Strong analytical and problem-solving abilities. - Proven ability to work in a collaborative, fast-paced environment. - Proven leadership skills and the ability to drive initiatives across the organization. Preferred Skills: - Familiarity with agile methodologies and practices. - Experience with automation and orchestration in a DevSecOps context. - Familiarity with compliance standards - Experience in developing and implementing security policies and frameworks. - Experience in implementing enterprise level metrics for DevSecOps. - Strategy Development: Define and execute a comprehensive DevSecOps strategy that aligns with organizational goals and industry best practices. - Process Optimization: Analyze current development and operational processes to identify opportunities for integrating security practices. Develop and implement standardized DevSecOps processes globally. - Metrics & Reporting: Establish key performance indicators (KPIs) and metrics to measure the effectiveness of DevSecOps initiatives. Create dashboards and reports to communicate progress to stakeholders. - Collaboration: Work closely with development, operations, security, and compliance teams to promote a shared responsibility model for security. - Tooling & Automation: Identify and implement tools that facilitate the integration of security into CI/CD pipelines and other automation processes. - Continuous Improvement: Foster a culture of continuous improvement through regular assessments, feedback loops, and adaptation of processes based on evolving threats and organizational needs. - Standardization of CICD pipeline: Define global template for CICDCT to enable stage gates for multiple sections in the SDLC to shift left testing for code quality, security and ensures consistent, efficient, and scalable build and release processes across all projects, reducing errors and simplifying maintenance. - Tool Strategy Development: Lead the strategy for selecting and implementing DevSecOps tools across the organization, ensuring alignment with business objectives and security requirements. Manage the architecture of the tools and continuously improve the ALM of the tools. - Enterprise Architecture Collaboration: Work with enterprise architects to ensure that DevSecOps tools and processes align with overall architectural frameworks and strategies. - Process Improvement: Analyze current workflows and tools to identify gaps and opportunities for optimization, recommending new tools and processes as needed. - Stakeholder Engagement: Collaborate with cross-functional teams, including development, operations, security, and compliance, to drive the adoption of DevSecOps practices. - Governance: Establish and track metrics to evaluate the effectiveness of DevSecOps tools and processes, providing insights and recommendations for continuous improvement. - Training & Awareness: Develop training programs and materials to raise awareness of DevSecOps principles and practices across the organization.