Lead DevSecOps Engineer

McKesson, Irving, TX

About The Position

McKesson is an impact-driven, Fortune 10 company that touches virtually every aspect of healthcare. We are known for delivering insights, products, and services that make quality care more accessible and affordable. Here, we focus on the health, happiness, and well-being of you and those we serve – we care. What you do at McKesson matters. We foster a culture where you can grow, make an impact, and are empowered to bring new ideas. Together, we thrive as we shape the future of health for patients, our communities, and our people. If you want to be part of tomorrow’s health today, we want to hear from you.

About the Role

We are seeking an experienced Lead DevSecOps Engineer to drive our cloud infrastructure and security initiatives. You will be responsible for designing, implementing, and maintaining secure, scalable infrastructure on Azure while leading DevSecOps best practices across the organization, with a strong focus on GitHub-based workflows and security.

Requirements

  • Azure Infrastructure as Code (IaC): Expert-level experience designing and implementing Azure infrastructure using IaC principles
  • Azure Kubernetes Service (AKS): Strong experience as a cluster operator, including cluster configuration, scaling, and management
  • Kubernetes Application Deployments: Proven ability to deploy and manage applications using Kubernetes manifests through SCCM
  • Terraform: Advanced proficiency in writing, testing, and maintaining Terraform modules and configurations

GitHub & CI/CD:

  • Expert-level experience designing and implementing CI/CD pipelines using GitHub Actions
  • Strong knowledge of GitHub workflows, reusable actions, and workflow security best practices
  • Experience with secure secrets management in GitHub (GitHub Secrets, Azure Key Vault integration)

GitHub Advanced Security (GHAS):

  • Hands-on experience implementing and managing GHAS features
  • Proficiency with CodeQL for custom security queries and code scanning
  • Experience with secret scanning, dependency scanning, and security advisories
  • Ability to triage and remediate security findings from GHAS

Secure CI/CD Practices:

  • Strong understanding of supply chain security and SLSA framework
  • Experience implementing security scanning at multiple pipeline stages
  • Knowledge of artifact signing, provenance, and attestation
  • Familiarity with SAST, DAST, SCA, and container scanning tools
  • Scripting: Strong Python and Bash scripting skills for automation and tooling
  • Deep understanding of container security and Kubernetes security best practices
  • Knowledge of Azure security services (Azure Security Center, Key Vault, Azure Policy, etc.)
  • Experience with least-privilege access controls and identity management
  • Bachelor's degree in Computer Science, Engineering, or related field (or equivalent experience)
  • 10+ years of experience in DevOps/DevSecOps roles
  • 3+ years of hands-on experience with Azure and Kubernetes
  • 2+ years of experience with GitHub Actions and GitHub Advanced Security
  • Strong understanding of networking, security, and cloud architecture principles
  • Demonstrated ability to build security into development workflows without impeding velocity

Nice To Haves

  • Bicep: Experience with Azure Bicep for infrastructure deployment
  • GitHub certifications or advanced training
  • Azure certifications (e.g., Azure Solutions Architect, Azure Security Engineer)
  • Experience with GitOps workflows and tools (ArgoCD, Flux)
  • Knowledge of compliance frameworks (SOC 2, ISO 27001, PCI-DSS, NIST)
  • Experience with monitoring and observability tools (Prometheus, Grafana, Azure Monitor)
  • Familiarity with OWASP Top 10 and secure coding standards
  • Experience with infrastructure security scanning tools (Checkov, tfsec, Trivy)

Responsibilities

  • Design and implement Infrastructure as Code (IaC) solutions on Azure using Terraform and Bicep
  • Manage and optimize Azure Kubernetes Service (AKS) clusters, including cluster operations and application deployments
  • Deploy and manage applications using Kubernetes manifests through SCCM (System Center Configuration Manager)
  • Design and implement secure CI/CD pipelines using GitHub Actions with integrated security scanning
  • Implement and maintain GitHub Advanced Security (GHAS) across repositories, including code scanning, secret scanning, and dependency reviews
  • Develop and enforce secure coding practices and security policies within GitHub workflows
  • Build automated security gates and compliance checks in CI/CD pipelines
  • Develop automation scripts using Python and Bash to streamline operations
  • Configure and optimize GHAS features including CodeQL analysis and security advisories
  • Lead incident response for security vulnerabilities identified through GHAS
  • Mentor team members on DevSecOps practices, GitHub security features, and cloud technologies
  • Collaborate with development, security, and operations teams to ensure secure delivery
  • Establish branch protection rules, security policies, and access controls in GitHub
© 2024 Teal Labs, Inc