Lead DevSecOps Engineer

*What you will do*

In this vital role you will play a critical role in engineering secure, resilient, and scalable CI/CD platforms that enable Amgens global digital initiatives. This position requires deep DevSecOps technical expertise , strong platform engineering capabilities, and the ability to collaborate and influence across diverse technology teams. While hands-on DevSecOps experience is essential, candidates should also bring foundational programming skills to build automation and integrate security seamlessly into pipelines. This role blends technical execution with cross-team enablement and platform ownership, making it ideal for engineers with both a delivery and systems-thinking mindset

*Roles & Responsibilities:*

Engineering & Automation

• Design, code, and maintain secure CI/CD pipelines using GitLab CI in hybrid and multi-cloud environments.
• Write high-quality, reusable, and testable code in languages such as Python, Go, JavaScript, or Bash to automate CI/CD workflows, infrastructure provisioning, and security enforcement.
• Develop custom DevSecOps utilities, GitLab runners, and dynamic pipeline templates.
• Maintain and scale Infrastructure as Code (IaC) using Terraform, CloudFormation, and Ansible.

Security & DevOps Integration

• Integrate security automation tools (SAST, DAST, SCA, secrets scanning, IaC scanning) into the development and deployment pipelines.
• Build tooling for container and API security, including vulnerability scanning and policy enforcement.
• Partner with product security and cloud teams to implement RBAC, IAM, encryption, and compliance-by-design controls.

Observability & Reliability

• Develop and maintain monitoring and observability solutions using Dynatrace, Prometheus, Grafana, ELK, or similar tools.
• Drive implementation of SLOs, SLIs, and automated alerting within CI/CD workflows.
• Contribute to incident response and root cause analysis with a focus on long-term resilience through automation.

AI-Driven Enablement

• Support adoption of AI/ML-based DevSecOps tools for anomaly detection, policy enforcement, and risk forecasting.
• Work with platform leads to integrate resourceful insights into day-to-day operations.

Leadership & Collaboration

• Mentor junior engineers and DevOps practitioners, fostering a culture of secure coding and software craftsmanship.
• Lead technical design discussions, evaluate open-source and commercial tools, and influence technology decisions.
• Work closely with product owners, engineering teams, cybersecurity, and platform teams to define and align secure delivery models.
• Coordinate with external vendors and internal stakeholders to ensure alignment on DevSecOps objectives.
• Participate in Agile and SAFe delivery processesincluding sprint planning, stand-ups, retrospectives, and PI planningto ensure security and platform reliability are embedded across development cycles.

What we expect of you

We are all different, yet we all use our unique contributions to serve patients. The [vital attribute] professional we seek is a [type of person] with these qualifications.

Basic Qualifications:

• Doctorate degree / Master's degree / Bachelor's degree and 8 to 13 years in Computer Science, IT or related field
• 7+ years of experience in DevOps, Security Engineering, or Platform Engineering roles.
• 3+ years of hands-on experience building and managing secure CI/CD pipelines using GitLab CI or equivalent.
• Strong understanding of CI/CD security practices, including code scanning, artifact control, and secrets management.
• Strong command in at least one scripting or programming language (e.g., Python, Bash, Go, or JavaScript) for automation and integration.

Preferred Qualifications:

Must-Have Skills:

• Strong expertise in GitLab CI/CD , including runner management, pipeline templating, and security integrations.
• Hands-on experience with security automation tools : SAST, DAST, SCA, secrets detection (e.g., Veracode, Snyk, Trivy).
• Deep understanding of Infrastructure as Code (IaC) using Terraform and CloudFormation .
• Knowledge of Kubernetes security best practices , including RBAC, network policies, and container runtime protection.
• Proficiency in at least one programming or scripting language (Python, Go, JavaScript, Bash) to build pipeline automation and integrations.
• Experience implementing policy-as-code frameworks (e.g., OPA, Gatekeeper) in CI/CD environments.
• Experience applying, adopting, or leading AI/ML solutions to improve DevSecOps workflowsfor example, in anomaly detection, policy enforcement, threat intelligence, or pipeline optimization.
• Familiarity with observability and monitoring tools used in DevOps contexts (DynaTrace, Prometheus, Grafana, or similar tools).
• Collaboration skills and ability to work across security, infrastructure, and development teams .
• Exposure to hybrid or multi-cloud CI/CD platforms, especially AWS environments.

Good-to-Have Skills:

• Experience securing Kubernetes workloads (e.g., EKS/AKS) and implementing policy controls (OPA, Kyverno).
• Familiarity with IaC security scanning (Checkov, tfsec).
• Experience managing SLIs/SLOs in CI/CD environments.
• Exposure to AI-assisted DevSecOps tooling or FinOps concepts.

Professional Certifications

• Certified DevSecOps Professional (CDP)
• GitLab CI/CD Specialist
• Certified Kubernetes Security Specialist (CKS)

Soft Skills:

• Strong problem-solving and analytical skills.
• Ability to work independently and take ownership of complex technical problems.
• Effective communicator and cross-functional collaborator.
• Passion for secure software delivery and engineering excellence.
• Capable of leading without authority and influencing platform and product teams.

Shift Information: This position is an onsite role and may require working during later hours to align with business hours. Candidates must be willing and able to work outside of standard hours as required to meet business needs.