Lead DevSecOps Engineer

Join Amgen's Mission of Serving Patients

At Amgen, if you feel like you're part of something bigger, it's because you are. Our shared mission—to serve patients living with serious illnesses—drives all that we do.

Since 1980, we've helped pioneer the world of biotech in our fight against the world's toughest diseases. With our focus on four therapeutic areas –Oncology, Inflammation, General Medicine, and Rare Disease– we reach millions of patients each year. As a member of the Amgen team, you'll help make a lasting impact on the lives of patients as we research, manufacture, and deliver innovative medicines to help people live longer, fuller happier lives.

Our award-winning culture is collaborative, innovative, and science based. If you have a passion for challenges and the opportunities that lay within them, you'll thrive as part of the Amgen team. Join us and transform the lives of patients while transforming your career.

Lead DevSecOps Engineer

What you will do

Let's do this. Let's change the world. In this vital role you will play a critical role in engineering secure, resilient, and scalable CI/CD platforms that enable Amgen's global digital initiatives. This position requires deep DevSecOps technical expertise, strong platform engineering capabilities, and the ability to collaborate and influence across diverse technology teams. While hands-on DevSecOps experience is essential, candidates should also bring foundational programming skills to build automation and integrate security seamlessly into pipelines. This role blends technical execution with cross-team enablement and platform ownership, making it ideal for engineers with both a delivery and systems-thinking mindset

Roles & Responsibilities:

Engineering & Automation

• Design, code, and maintain secure CI/CD pipelines using GitLab CI in hybrid and multi-cloud environments.
• Write high-quality, reusable, and testable code in languages such as Python, Go, JavaScript, or Bash to automate CI/CD workflows, infrastructure provisioning, and security enforcement.
• Develop custom DevSecOps utilities, GitLab runners, and dynamic pipeline templates.
• Maintain and scale Infrastructure as Code (IaC) using Terraform, CloudFormation, and Ansible.

Security & DevOps Integration

• Integrate security automation tools (SAST, DAST, SCA, secrets scanning, IaC scanning) into the development and deployment pipelines.
• Build tooling for container and API security, including vulnerability scanning and policy enforcement.
• Partner with product security and cloud teams to implement RBAC, IAM, encryption, and compliance-by-design controls.

Observability & Reliability

• Develop and maintain monitoring and observability solutions using Dynatrace, Prometheus, Grafana, ELK, or similar tools.
• Drive implementation of SLOs, SLIs, and automated alerting within CI/CD workflows.
• Contribute to incident response and root cause analysis with a focus on long-term resilience through automation.

AI-Driven Enablement

• Support adoption of AI/ML-based DevSecOps tools for anomaly detection, policy enforcement, and risk forecasting.
• Work with platform leads to integrate resourceful insights into day-to-day operations.

Leadership & Collaboration

• Mentor junior engineers and DevOps practitioners, fostering a culture of secure coding and software craftsmanship.
• Lead technical design discussions, evaluate open-source and commercial tools, and influence technology decisions.
• Work closely with product owners, engineering teams, cybersecurity, and platform teams to define and align secure delivery models.
• Coordinate with external vendors and internal stakeholders to ensure alignment on DevSecOps objectives.
• Participate in Agile and SAFe delivery processes—including sprint planning, stand-ups, retrospectives, and PI planning—to ensure security and platform reliability are embedded across development cycles.

What we expect of you

We are all different, yet we all use our unique contributions to serve patients. The [vital attribute] professional we seek is a [type of person] with these qualifications.

Basic Qualifications:

• Doctorate degree / Master's degree / Bachelor's degree and 8 to 13 years in Computer Science, IT or related field
• 7+ years of experience in DevOps, Security Engineering, or Platform Engineering roles.
• 3+ years of hands-on experience building and managing secure CI/CD pipelines using GitLab CI or equivalent.
• Strong understanding of CI/CD security practices, including code scanning, artifact control, and secrets management.
• Strong command in at least one scripting or programming language (e.g., Python, Bash, Go, or JavaScript) for automation and integration.

Preferred Qualifications:

Must-Have Skills:

• Strong expertise in GitLab CI/CD, including runner management, pipeline templating, and security integrations.
• Hands-on experience with security automation tools: SAST, DAST, SCA, secrets detection (e.g., Veracode, Snyk, Trivy).
• Deep understanding of Infrastructure as Code (IaC) using Terraform and CloudFormation.
• Knowledge of Kubernetes security best practices, including RBAC, network policies, and container runtime protection.
• Proficiency in at least one programming or scripting language (Python, Go, JavaScript, Bash) to build pipeline automation and integrations.
• Experience implementing policy-as-code frameworks (e.g., OPA, Gatekeeper) in CI/CD environments.
• Experience applying, adopting, or leading AI/ML solutions to improve DevSecOps workflows—for example, in anomaly detection, policy enforcement, threat intelligence, or pipeline optimization.
• Familiarity with observability and monitoring tools used in DevOps contexts (DynaTrace, Prometheus, Grafana, or similar tools).
• Collaboration skills and ability to work across security, infrastructure, and development teams.
• Exposure to hybrid or multi-cloud CI/CD platforms, especially AWS environments.

Good-to-Have Skills:

• Experience securing Kubernetes workloads (e.g., EKS/AKS) and implementing policy controls (OPA, Kyverno).
• Familiarity with IaC security scanning (Checkov, tfsec).
• Experience managing SLIs/SLOs in CI/CD environments.
• Exposure to AI-assisted DevSecOps tooling or FinOps concepts.

Professional Certifications

• Certified DevSecOps Professional (CDP)
• GitLab CI/CD Specialist
• Certified Kubernetes Security Specialist (CKS)

Soft Skills:

• Strong problem-solving and analytical skills.
• Ability to work independently and take ownership of complex technical problems.
• Effective communicator and cross-functional collaborator.
• Passion for secure software delivery and engineering excellence.
• Capable of leading without authority and influencing platform and product teams.

Shift Information: This position is an onsite role and may require working during later hours to align with business hours. Candidates must be willing and able to work outside of standard hours as required to meet business needs.

What you can expect of us

As we work to develop treatments that take care of others, we also work to care for your professional and personal growth and well-being. From our competitive benefits to our collaborative culture, we'll support your journey every step of the way.

In addition to the base salary, Amgen offers competitive and comprehensive Total Rewards Plans that are aligned with local industry standards.

Apply now and make a lasting impact with the Amgen team.

As an organization dedicated to improving the quality of life for people around the world, Amgen fosters an inclusive environment of diverse, ethical, committed and highly accomplished people who respect each other and live the Amgen values to continue advancing science to serve patients. Together, we compete in the fight against serious disease.

Amgen is an Equal Opportunity employer and will consider all qualified applicants for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability status, or any other basis protected by applicable law.

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

---