Consult with R&D and engineering teams on DevSecOps toolchain strategy, including assessment of existing environments and recommendations for improvement, consolidation, or migration.
Architect, design, and implement scalable, secure, and maintainable DevSecOps platforms supporting CI/CD, source control, release automation, and testing.
Integrate and automate tools across the software development lifecycle, including version control, CI/CD, artifact management, containerization, infrastructure‑as‑code, monitoring, and security.
Embed shift‑left security practices, integrating SAST, SCA, IaC scanning, container scanning, and code quality checks into developer workflows and pipelines.
Provide expert guidance on version control strategies, branching models, secure coding standards, and threat‑modeling practices.
Build, maintain, document, and continuously improve CI/CD pipelines for enterprise and regulated environments.
Lead source control migrations (e.g., non‑Git to Git) and toolchain modernization initiatives.
Collaborate closely with development, QA, platform, and R&D stakeholders to ensure consistent adoption of DevSecOps practices.
Create technical documentation and deliver workshops or enablement sessions on DevSecOps tools, standards, and best practices.

Requirements

Bachelor’s or Master’s degree in Engineering, Computer Science, or a related field, or equivalent practical experience.
8+ years of professional experience in DevSecOps, source control management (SCM), and end‑to‑end software delivery pipelines within enterprise environments.
Strong hands‑on experience designing, implementing, and supporting CI/CD pipelines, including release strategies, branching models, and artifact management.
Demonstrated expertise in DevSecOps toolchain architecture and integration, supporting cloud and on‑premise environments.
Proven experience working with Git‑based platforms such as GitHub and Bitbucket, including repository management, workflows, and integrations.
Hands‑on experience with Azure DevOps (Boards, Pipelines, Repos, Artifacts).
Strong understanding of shift‑left security practices, including integration of security into the SDLC and CI/CD pipelines (e.g., SAST, SCA, IaC scanning, container scanning, and secrets detection).
Experience with application security and code quality tools (e.g., SonarQube, Checkmarx, Veracode or similar).
Experience with software composition analysis (SCA) tools (e.g., Black Duck, Snyk, Mend.io or similar).
Familiarity with code and dependency scanning tools (e.g., GitHub Advanced Security, Dependabot, GitLeaks or equivalent).
Proficiency in scripting and automation using languages such as Bash, Python, PowerShell, Groovy, and YAML.
Experience with infrastructure automation and orchestration tools such as Jenkins, GitHub Actions, Terraform, Ansible, Docker, and Kubernetes.
Experience leading or supporting source control migrations, including migrations from non‑Git systems to Git‑based platforms.
Familiarity with regulated environments (e.g., GxP or other regulated industries) is preferred; candidates with strong DevSecOps fundamentals and the ability to learn regulatory frameworks are encouraged to apply.
Experience working in hybrid cloud environments, including AWS and/or Azure.
Strong communication and consulting skills, with the ability to collaborate effectively with R&D, development, QA, platform teams, and senior stakeholders.

Benefits

Eligibility for bonus
Eligibility for stock options
Health insurance
Professional development opportunities
Paid time off

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

DevSecOpsCI/CDsource control managementartifact managementshift-left securityscriptinginfrastructure automationorchestrationapplication securitysoftware composition analysis

Soft Skills

communicationconsultingcollaborationleadershipdocumentation