Principal Cloud Dev Ops Engine

About The Position

Requirements

• Bachelor’s degree in engineering or related field or equivalent experience required.
• 12+ years in DevOps, platform engineering, application security, or software engineering with hands-on CI/CD responsibility required.
• Demonstrated record of designing and leading enterprise DevSecOps programs, including toolchain strategy, pipeline security architecture, and cross-organizational adoption at scale.
• Exceptional communication and influence skills; demonstrated ability to drive strategic alignment on DevSecOps programs across engineering, product, and executive stakeholders.
• Deep expertise in CI/CD platforms (GitHub Actions, GitLab CI/CD, Jenkins, Azure DevOps); able to architect multi-platform pipeline strategies and evaluate emerging tooling at an organizational level.
• Expertise in designing and governing enterprise-scale pipeline policy frameworks, release controls, and branch protection standards; defines organizational standards adopted across teams.
• Advanced proficiency in Python, Bash, PowerShell, or equivalent; designs automation architectures and reusable frameworks adopted across the engineering organization.
• Expert-level API integration capability; architects toolchain integrations and metrics platforms to support program-wide reporting and continuous compliance evidence generation.
• Expert knowledge of application security risks, attack vectors, and secure development patterns; contributes to and influences internal security standards and industry frameworks (OWASP, NIST, CIS).
• Deep expertise in IaC and container security architecture (Terraform, CloudFormation, Bicep; Docker, Kubernetes); defines organizational standards for supply chain integrity, image scanning, and runtime security controls.

Nice To Haves

• Demonstrated program leadership in regulated environments (PHI/PII); authored or significantly contributed to enterprise HIPAA, SOC2, or ISO 27001 compliance programs with direct audit and evidence ownership.
• Expert-level knowledge across the DevSecOps/AppSec toolchain (Semgrep, SonarQube, Snyk, Trivy, Prisma/Defender); experience leading enterprise-scale tooling evaluation, selection, and onboarding programs.
• Advanced security certifications strongly preferred (CISSP, CSSLP, AWS Security Specialty, or equivalent); thought leadership through published work, conference presentations, or open-source contributions is a strong differentiator.

Responsibilities

• Define and own the enterprise DevSecOps toolchain strategy; architect standardized pipeline security frameworks—covering SAST, SCA, secrets scanning, IaC scanning, and container scanning—adopted across all engineering teams.
• Establish and govern enterprise release security standards and gating policies across the software delivery organization; lead exception governance and risk acceptance frameworks at the program level.
• Drive organization-wide adoption of secure development standards; influence engineering leadership on secure-by-default practices and set measurable risk reduction goals tied to business objectives.
• Architect and lead the development of enterprise-grade automation frameworks for pipeline security checks, artifact integrity, pipeline hygiene, and audit evidence generation; define reusable standards adopted across the engineering organization.
• Define and enforce secrets management standards and credential exposure reduction strategies across the entire build and deployment ecosystem; partner with platform leadership to drive enterprise-wide adoption.
• Establish tooling performance standards and quality criteria for security controls across all pipelines; lead continuous improvement of the security toolchain to optimize the balance between risk coverage and developer velocity.
• Define and own the enterprise vulnerability risk management framework; lead cross-functional prioritization of findings with product, engineering, and compliance stakeholders, driving systemic remediation strategies.
• Establish and own vulnerability SLA standards and exception governance policies; provide executive-level reporting on risk posture, aging trends, and program-wide effectiveness to senior leadership.
• Lead and advance DeepHealth’s threat modeling methodology; define organizational standards for security risk assessment and translate complex threat landscapes into strategic engineering priorities.
• Establish and lead the organization’s security champions program; define the DevSecOps maturity roadmap and drive measurable, sustained improvement in security culture across all engineering teams.