DevSecOps Architect – Toolchain Support & Consulting

About The Position

Requirements

• Bachelor’s or Master’s degree in Engineering, Computer Science, or a related field, or equivalent practical experience.
• 8+ years of professional experience in DevSecOps, source control management (SCM), and end‑to‑end software delivery pipelines within enterprise environments.
• Strong hands‑on experience designing, implementing, and supporting CI/CD pipelines, including release strategies, branching models, and artifact management.
• Demonstrated expertise in DevSecOps toolchain architecture and integration, supporting cloud and on‑premise environments.
• Proven experience working with Git‑based platforms such as GitHub and Bitbucket, including repository management, workflows, and integrations.
• Hands‑on experience with Azure DevOps (Boards, Pipelines, Repos, Artifacts).
• Strong understanding of shift‑left security practices, including integration of security into the SDLC and CI/CD pipelines (e.g., SAST, SCA, IaC scanning, container scanning, and secrets detection).
• Experience with application security and code quality tools (e.g., SonarQube, Checkmarx, Veracode or similar).
• Experience with software composition analysis (SCA) tools (e.g., Black Duck, Snyk, Mend.io or similar).
• Familiarity with code and dependency scanning tools (e.g., GitHub Advanced Security, Dependabot, GitLeaks or equivalent).
• Proficiency in scripting and automation using languages such as Bash, Python, PowerShell, Groovy, and YAML.
• Experience with infrastructure automation and orchestration tools such as Jenkins, GitHub Actions, Terraform, Ansible, Docker, and Kubernetes.
• Experience leading or supporting source control migrations, including migrations from non‑Git systems to Git‑based platforms.
• Exposure to regulated environments (e.g., GxP or other regulated industries) is preferred; candidates with strong DevSecOps fundamentals and the ability to learn regulatory frameworks are encouraged to apply.
• Experience working in hybrid cloud environments, including AWS and/or Azure.
• Strong communication and consulting skills, with the ability to collaborate effectively with R&D, development, QA, platform teams, and senior stakeholders.

Nice To Haves

• Familiarity with legacy or non‑Git SCM tools (e.g., ClearCase, Subversion) is a plus.

Responsibilities

• Consult with R&D and engineering teams on DevSecOps toolchain strategy, including assessment of existing environments and recommendations for improvement, consolidation, or migration.
• Architect, design, and implement scalable, secure, and maintainable DevSecOps platforms supporting CI/CD, source control, release automation, and testing.
• Integrate and automate tools across the software development lifecycle, including version control, CI/CD, artifact management, containerization, infrastructure‑as‑code, monitoring, and security.
• Embed shift‑left security practices, integrating SAST, SCA, IaC scanning, container scanning, and code quality checks into developer workflows and pipelines.
• Provide expert guidance on version control strategies, branching models, secure coding standards, and threat‑modeling practices.
• Build, maintain, document, and continuously improve CI/CD pipelines for enterprise and regulated environments.
• Lead source control migrations (e.g., non‑Git to Git) and toolchain modernization initiatives.
• Collaborate closely with development, QA, platform, and R&D stakeholders to ensure consistent adoption of DevSecOps practices.
• Create technical documentation and deliver workshops or enablement sessions on DevSecOps tools, standards, and best practices.