Job Type: Contract
Work Mode: Hybrid (3 days from office)
We are seeking a highly experienced DevSecOps & IaC Lead to drive enterprise-wide DevSecOps transformation and Infrastructure-as-Code implementation during the migration of large-scale on-prem systems to AWS cloud. This role requires deep expertise across CI/CD pipelines, security automation, cloud-native DevOps tooling, third-party DevSecOps platforms, and large-scale IaC governance. The ideal candidate will lead cross-functional engineering teams, define DevSecOps strategy, enforce secure-by-design principles, and ensure seamless DevSecOps operations across hybrid and cloud environments.
Key Responsibilities
1. DevSecOps Strategy & Cloud Migration Leadership
· Lead the DevSecOps transformation for applications and platforms migrating from on-prem to AWS.
· Build a roadmap for CI/CD modernization, security automation, and cloud-ready pipelines.
· Ensure DevSecOps practices support lift & shift, replatforming, containerization, and modernization migration patterns.
· Collaborate with cloud, application, SRE, and security teams to ensure DevSecOps maturity improves during and after migration.
---
2. Infrastructure-as-Code (IaC) Architecture & Governance
· Define enterprise IaC standards using tools such as Terraform, CloudFormation, CDK, Ansible, and GitOps practices.
· Lead IaC implementation for AWS landing zones, networking, security, containers, and application infrastructure.
· Establish modular IaC patterns, reusable blueprints, guardrails, and governance frameworks.
· Drive full lifecycle IaC adoption: provisioning → configuration → drift control → compliance.
---
3. Cloud-Native & Third-Party DevSecOps Tooling Integration
· Architect and integrate DevSecOps toolchains across cloud and on-prem ecosystems, including:
o CI/CD: GitHub Actions, GitLab, Jenkins, Azure DevOps
o Security: Snyk, Checkmarx, SonarQube, Prisma Cloud, Aqua, Twistlock
o Containers: EKS, ECS, ECR, Helm, ArgoCD, Flux
o Secrets & identity: AWS Secrets Manager, HashiCorp Vault
o Compliance: AWS Security Hub, GuardDuty, OPA/Conftest, Checkov
· Ensure deep integration between security scanning, artifact repositories, code quality, and deployment automation.
---
4. Security Automation & Shift-Left Enablement
· Implement “security-by-default” and “shift-left” practices across the software lifecycle.
· Automate:
o SAST/DAST
o Dependency & container image scanning
o Policy-as-code (Rego/OPA)
o Secrets scanning
o Infrastructure compliance
· Establish secure CI/CD pipeline patterns covering application, container, and infrastructure layers.
---
5. Observability, Reliability & DevOps Excellence
· Partner with SRE, platform, and cloud teams to embed monitoring, logging, tracing, and auditability into pipelines.
· Implement automated quality gates, blue-green/canary deployments, and progressive delivery strategies.
· Standardize operational best practices through automation, runbooks, and deployment frameworks.
---
6. Governance, Risk, Automation & Compliance
· Ensure all DevSecOps and IaC pipelines comply with enterprise security, audit, and regulatory requirements.
· Define DevSecOps maturity KPIs (deployment frequency, MTTR, security findings, drift metrics).
· Build automated governance controls for release management, security enforcement, and compliance checks.
· Drive adoption of secure cloud operating models across all stakeholders.
---
7. Leadership & Stakeholder Management
· Lead cross-functional DevSecOps squads and mentor engineers on DevSecOps, IaC, and cloud automation practices.
· Work with program managers to ensure DevSecOps readiness across all migration waves.
· Communicate progress, risks, and technical decisions to senior leadership and architecture boards.
· Provide strategic input on enterprise cloud engineering standards and transformation roadmap.
---
Required Skills & Experience
Technical Expertise
· 14+ years of experience in DevOps, platform engineering, cloud automation, or infrastructure engineering.
· Strong hands-on experience with AWS cloud services, CI/CD, IaC, and security automation.
· Expertise in:
o Terraform, CloudFormation, CDK, Ansible
o Docker, Kubernetes, EKS/ECS, Helm, GitOps
o GitHub/GitLab/Azure DevOps/Jenkins pipelines
o Security tools: Snyk, Checkmarx, SonarQube, Prisma Cloud, Vault
o Logging/observability platforms (CloudWatch, ELK, Datadog)
Security & Compliance Skills
· Strong understanding of cloud security principles: IAM, KMS, encryption, zero trust, least privilege.
· Experience implementing policy-as-code and pipeline security controls.
· Understanding of CIS benchmarks, NIST, ISO 27001, and compliance frameworks.
Cloud Migration Skills
· Direct experience supporting large-scale on-prem to AWS migrations.
· Strong understanding of migration waves, application onboarding, and pipeline modernization.
Soft Skills & Leadership
· Excellent communication and architectural documentation abilities.
· Experience leading multi-disciplinary teams across dev, infra, cloud, and security domains.
· Ability to influence architects, executives, developers, and operations teams.
---
Preferred Qualifications
· AWS DevOps Engineer – Professional
· AWS Solutions Architect – Associate/Professional
· HashiCorp Terraform Certification
· Kubernetes certifications (CKAD, CKA, CKS)
· DevSecOps or SRE certifications (nice-to-have)
---
Success Metrics
· Fully automated, secure CI/CD pipelines across all migration phases
· Enterprise-wide IaC adoption with strong governance and consistency
· Reduction in security vulnerabilities and pipeline defects
· Faster cloud onboarding and deployment times
· Improved security posture and operational reliability post-migration