Senior Manager, DevSecOps

What you will do

In this vital role you will lead the design, implementation, and scale-up of secure software delivery platforms across Amgens global technology landscape. This role is responsible for delivering enterprise-grade DevSecOps capabilities with a core focus on GitLab CI, while driving adoption of modern, secure, and automated engineering practices.

You will play a strategic role in leading change across the enterprise, guiding teams through the cultural and technical shifts required to embed security seamlessly into DevOps workflows. Your leadership will empower Amgens product teams to ship faster, safer, and more efficiently by operationalizing platform-level DevSecOps tools, governance models, and standards.

This is a high-impact, hands-on leadership role that requires deep technical depth, business alignment, and the ability to influence across functional, organizational, and geographic boundaries. Youll be expected to build and scale enterprise capabilities that support the secure-by-design delivery of Amgens digital solutions, while ensuring that the DevSecOps function remains resilient, agile, and forward-looking.

Roles & Responsibilities:

Leadership & Strategy

• Build and lead a hard-working DevSecOps team with a focus on platform resilience, pipeline security, and engineering excellence.
• Define and drive the DevSecOps roadmap, aligned with enterprise platform and security strategies.
• Set operational KPIs and implement secure-by-design principles across all delivery pipelines.
• Enable reusable DevSecOps capabilities across business units through centralized platform engineering.

DevSecOps Platform Engineering

• Architect, maintain, and scale CI/CD pipelines using GitLab CI across hybrid and multi-cloud environments.
• Integrate security automation tools (SAST, DAST, SCA, secrets scanning) into delivery workflows.
• Build pipeline utilities, automate controls, and customize DevSecOps toolchains.
• Promote Infrastructure as Code (IaC) using Terraform and configuration management with Ansible.

Cloud and Application Security

• Secure workloads in Kubernetes (EKS/AKS), leveraging policy-as-code, runtime protection, and RBAC enforcement.
• Work with cloud platform and cybersecurity teams to embed IAM, encryption, and compliance controls.
• Lead vulnerability management and continuous risk assessment for pipelines and deployment infrastructure.

Reliability & Monitoring

• Drive observability and SLO/SLI adoption for CI/CD environments using tools like ELK, Prometheus, Grafana, and Datadog.
• Handle incident response processes and lead post-incident reviews with a focus on automation-driven recovery.

Stakeholder & Vendor Management

• Collaborate with platform, cybersecurity, and software engineering teams to define secure delivery models.
• Handle third-party vendors and security tools, ensuring alignment with enterprise needs and policies.
• Evangelize DevSecOps standard methodologies across the organization through training, mentorship, and engagement.

AI-Driven Enablement

• Support adoption of AI/ML-based DevSecOps tools for anomaly detection, policy enforcement, and risk forecasting.
• Work with platform leads to integrate resourceful insights into day-to-day operations.

What we expect of you

We are all different, yet we all use our unique contributions to serve patients. The [vital attribute] professional we seek is a [type of person] with these qualifications.

Basic Qualifications:

• Doctorate degree / Master's degree / Bachelor's degree and 12 to 17 years in computer science, Engineering, or a related technical field
• 10+ years of IT experience, including 3+ years handling DevOps, DevSecOps, or security engineering teams.
• Demonstrable experience implementing and scaling secure CI/CD pipelines using GitLab CI.
• Strong programming skills (e.g., Bash, Go, JavaScript, Python, or similar) applied to automation and security integration.
• Experience handling DevSecOps functions at an enterprise or platform level.

Preferred Qualifications:

Must-Have Skills:

• Extensive hands-on experience with GitLab CI/CD, including runner management, pipeline templating, and security integrations.
• Strong expertise in Infrastructure as Code using Terraform and CloudFormation.
• Demonstrable ability to design and scale secure DevSecOps capabilities across large enterprise platforms.
• Familiarity with security tooling such as Veracode, and secrets scanning tools.
• Experience applying, adopting, or leading AI/ML solutions to improve DevSecOps workflowsfor example, in anomaly detection, policy enforcement, threat intelligence, or pipeline optimization.

Good-to-Have Skills:

• Experience with container orchestration and security in Kubernetes (EKS/AKS), service mesh (Istio/Linkerd), and Helm.
• Knowledge of FinOps practices to run cost-effective DevSecOps operations.
• Exposure to predictive monitoring and AI-driven security analytics.

Professional Certifications

• Certified DevSecOps Professional (CDP) Practical DevSecOps
• GIAC Cloud Security Automation (GCSA) SANS Institute
• Certified Kubernetes Security Specialist (CKS) CNCF
• GitLab Certified CI/CD Specialist

Soft Skills:

• Critical thinking and planning
• Strong decision-making abilities
• Excellence in stakeholder management
• Outstanding communication skills
• Team building and development
• Change management expertise
• Crisis management capabilities
• Strong presentation and public speaking skills

Shift Information: This position is an onsite role and may require working during later hours to align with business hours. Candidates must be willing and able to work outside of standard hours as required to meet business needs.