Cloud Development Operations Lead

DeepHealth
Boston, MA
Remote

About The Position

The Cloud Development Operations Lead (SDLC & CI/CD Controls) embeds security directly into DeepHealth’s software delivery lifecycle by implementing and operating automated security controls in CI/CD pipelines and developer workflows. The role focuses on repeatable guardrails—so security is built in from design through production—while keeping delivery fast, measurable, and audit-ready.

Requirements

  • 3+ years in DevOps, platform engineering, application security, or software engineering with hands-on CI/CD responsibility.
  • Demonstrated experience integrating security tooling into pipelines and tuning for practical developer use.
  • Strong written/verbal communication; able to translate security requirements into usable engineering workflows.
  • Experience with CI/CD tooling such as GitHub Actions, GitLab CI/CD, Jenkins, or Azure DevOps.
  • Experience implementing policy/gating in pipelines and maintaining secure branch/release controls.
  • Proficiency with Python, Bash, PowerShell, or equivalent scripting for automation and reporting.
  • Comfort working with APIs to integrate tools and export evidence/metrics.
  • Strong understanding of common application security risks and secure coding patterns (e.g., OWASP Top 10).
  • Familiarity with Infrastructure-as-Code and container build/deploy security practices (Terraform/CloudFormation/Bicep; Docker/Kubernetes).

Nice To Haves

  • Experience operating in regulated environments (PHI/PII) with audit/evidence expectations (HIPAA-aligned safeguards, SOC2/ISO-style controls).
  • Familiarity with common DevSecOps/AppSec tools (e.g., Semgrep, SonarQube, Snyk, Trivy, Prisma/Defender—tooling may vary).
  • Security or cloud certifications (nice-to-have): Security+, AWS/Azure/GCP security-focused credentials, or equivalent experience.

Responsibilities

  • Embed security tooling into CI/CD (SAST, SCA, secrets scanning, IaC scanning, container scanning) using standardized pipeline patterns and reusable templates.
  • Define practical release gating rules that prevent high-risk defects from shipping while supporting documented exception workflows when needed.
  • Partner with engineering teams to operationalize secure coding practices and reduce recurring findings (OWASP Top 10 classes).
  • Build and maintain automation/scripts to support security checks, artifact integrity, pipeline hygiene, and evidence generation.
  • Reduce credential and secrets exposure across build and deployment workflows in partnership with platform/DevOps owners.
  • Tune security tooling to minimize noise and maintain acceptable pipeline performance (avoid security checks becoming bottlenecks).
  • Triage and prioritize application and pipeline findings with product/engineering owners; validate remediation and closure.
  • Implement service-level expectations for critical/high findings and track aging, exceptions, and trends for leadership reporting.
  • Support lightweight threat modeling for new features and major changes; translate risk into actionable engineering requirements.
  • Act as a security champion within engineering teams—coaching, pairing on fixes, and raising baseline maturity without slowing delivery.