DevOps Specialist

About Vivriti Group

Vivriti Group is a trailblazer in the mid-market lending space, offering customized debt solutions to mid-sized enterprises. The group operates through two core businesses:

• Vivriti Capital Limited:
  A systematically important NBFC (ND-SI) regulated by the Reserve Bank of India (RBI). Vivriti Capital has disbursed over USD 3 billion to 300+ enterprise borrowers and holds a CRISIL rating of A+.
• Vivriti Asset Management:
  A fixed-income fund manager with over USD 550 million in commitments from 900+ institutional and private contributors, investing across 90+ entities.
• Learn more:
  Vivriti Capital – Corporate Overview Video

Title:
Associate Director - Technology - DevSecOps

Location:
Chennai, Tamilnadu

Job Summary

You will be responsible for defining, leading, and implementing the DevSecOps strategy across the organization. This leader will drive a cultural and technical shift, integrating security practices and automation into every phase of the Software Development Lifecycle (SDLC), from initial code commitment through to production deployment and monitoring. The primary goal is to accelerate secure, high-quality, and compliant software delivery to support the company's financial products and services.

Key Responsibilities

Leadership & Strategy

• Define and Execute Strategy: Establish the overall DevSecOps roadmap, aligning security, development, and operations goals with the Vivriti's business objectives, compliance requirements (e.g., RBI, SEBI, internal policies), and risk appetite.
• Team Leadership: Lead, mentor, and manage a team of DevSecOps Engineers, fostering a culture of ownership, continuous improvement, collaboration, and security-first mindset.
• Cross-Functional Collaboration: Partner closely with Engineering, Product, IT Operations, Risk, Compliance, and Audit teams to ensure security is "shifted left" and integrated seamlessly across all environments.
• Budget & Resource Management: Manage the budget for DevSecOps tools, training, and resources, making strategic technology investment recommendations.

DevSecOps Implementation & Automation:

• Secure CI/CD Pipelines: Architect, implement, and maintain highly automated and secure Continuous Integration/Continuous Deployment (CI/CD) pipelines (e.g., using Jenkins, GitLab CI, Azure DevOps).
• Automation of Security Controls: Integrate automated security testing tools (e.g., SAST, DAST, SCA) and compliance checks directly into the CI/CD workflow, making security gate checks a mandatory part of the release process.
• Infrastructure as Code (IaC) Security: Ensure security best practices are baked into infrastructure provisioning and configuration using tools like Terraform, Ansible, or CloudFormation, especially within cloud environments (AWS/Azure/GCP).
• Container and Orchestration Security: Oversee the security of containerized applications and orchestration platforms (Docker, Kubernetes), including image scanning, runtime protection, and configuration hardening.

Security & Compliance

• Vulnerability and Risk Management: Oversee automated and manual vulnerability assessments, penetration testing, and lead the rapid remediation of identified security flaws in code and infrastructure.
• Threat Modeling: Implement and drive threat modeling exercises for new features and application architectures to proactively identify security risks.
• Monitoring and Incident Response: Design and manage security monitoring, logging (SIEM), and alerting systems to detect and respond to security incidents and anomalies promptly. Drive post-incident analysis and implement preventive measures.
• Regulatory Compliance: Ensure all DevSecOps processes and delivered systems adhere to strict financial regulations, data privacy laws, and industry standards (e.g., ISO 27001, PCI-DSS if applicable).

Required Qualifications and Skills

• 10+ years of experience in technology, with at least 3-5 years in a DevSecOps, Application Security, or Cloud Security leadership role in a high growth, regulated environment.
• Proven experience in the Fintech or NBFC industry is mandatory, demonstrating a strong understanding of financial product lifecycles and regulatory compliance.
• Demonstrated success in building and scaling DevSecOps practices within an organization.
• Experience leading and managing technical teams, including performance reviews, mentoring, and hiring.

Technical Skills

• Deep Expertise in CI/CD Tools: Jenkins, GitLab CI, Azure DevOps, or similar platforms.
• Strong Programming/Scripting: Proficiency in at least one key language (Python, Go, Java, Shell scripting) for automation.
• Cloud Security Expertise: Strong knowledge of securing cloud platforms (AWS, Azure, or GCP), including IAM, network security, and native security services.
• Security Tools: Hands-on experience with application security testing tools (SAST, DAST, SCA) and vulnerability management.
• IaC and Configuration Management: Expertise with Terraform, Ansible, Chef, or Puppet.
• Containerization: Working knowledge of Docker and Kubernetes security best practices.

Soft Skills

• Strong Communication: Exceptional verbal and written communication skills to articulate complex security concepts to technical and non-technical stakeholders, as well as to senior management.
• Strategic & Analytical Thinking: Ability to translate business risks and regulatory requirements into technical DevSecOps solutions.
• Problem-Solving: Excellent analytical and troubleshooting skills to resolve complex system and security issues.
• Adaptability: Ability to thrive in the fast-paced, high-pressure environment of a Fintech company.

Education and Certifications (Preferred)

• Bachelor's or master's degree in computer science, Information Security, or a related field.
• Relevant professional certifications such as CISSP, CISM, CSSLP, Certified DevSecOps Professional (CDP), or AWS/Azure Security certifications.