DevSecOps Process & Tools - Principal Engineer

We are seeking an experienced DevSecOps Principal Engineer with 15+ years of expertise to lead and shape our DevSecOps strategy, processes, and tools. This senior role combines deep technical knowledge with strategic leadership in both process optimization and tool selection and implementation. As a key player in our engineering leadership team, you will drive the vision for DevSecOps across the organization, ensuring continuous improvement, automation, security, and scalability in software delivery pipelines.

• Strategy Development: Define and execute a comprehensive DevSecOps strategy that aligns with organizational goals and industry best practices.
• Process Optimization: Analyze current development and operational processes to identify opportunities for integrating security practices. Develop and implement standardized DevSecOps processes globally.
• Metrics & Reporting: Establish KPIs and metrics to measure the effectiveness of DevSecOps initiatives. Create dashboards and reports to communicate progress to stakeholders.
• Collaboration: Work closely with development, operations, security, and compliance teams to promote a shared responsibility model for security.
• Tooling & Automation: Identify and implement tools that facilitate the integration of security into CI/CD pipelines and other automation processes.
• Continuous Improvement: Foster a culture of continuous improvement through regular assessments, feedback loops, and adaptation of processes based on evolving threats and organizational needs.
• Standardization of CI/CD pipelines: Define global templates for CI/CD to enable stage gates for multiple sections in the SDLC, shifting left testing for code quality and security, and ensuring consistent, efficient, and scalable build and release processes across projects.
• Tool Strategy Development: Lead the strategy for selecting and implementing DevSecOps tools across the organization, ensuring alignment with business objectives and security requirements. Manage the architecture and lifecycle of the tools.
• Enterprise Architecture Collaboration: Work with enterprise architects to ensure that DevSecOps tools and processes align with overall architectural frameworks and strategies.
• Process Improvement: Analyze current workflows and tools to identify gaps and opportunities for optimization, recommending new tools and processes as needed.
• Stakeholder Engagement: Collaborate with cross-functional teams to drive the adoption of DevSecOps practices.
• Governance: Establish and track metrics to evaluate the effectiveness of DevSecOps tools and processes, providing insights and recommendations for continuous improvement.
• Training & Awareness: Develop training programs and materials to raise awareness of DevSecOps principles and practices across the organization.

Education: Bachelors in Computer Science, Information Technology. Masters preferred.

Experience:

• 10+ years of experience in software development, DevSecOps and security roles.
• 5+ years of experience in a leadership or architect role focusing on DevSecOps.

Technical Skills:

• Strong understanding of software development methodologies (Agile, DevSecOps).
• Strong understanding of enterprise architecture principles and frameworks.
• Strong understanding of system administration, tools lifecycle management, integration frameworks, basic networking & database administration.
• Proficiency in CI/CD tools - Azure DevOps, GitHub Enterprise.
• Familiarity with containerization and orchestration tools (e.g., Docker, Kubernetes).
• Strong understanding of CI/CD flow for multiple technology stacks in build & deployment phases.
• Proficient in scripting languages: Python/PowerShell and YAML (Azure DevOps, GitHub).
• Hands-on development experience in Java or .NET.
• Experience with cloud platforms (AWS, Azure, GCP) and their security practices.
• Hands-on knowledge of security tools (e.g., SAST, DAST, container security, IAM solutions).
• Hands-on knowledge of tools for dependency management - JFrog Artifactory.
• Hands-on knowledge of code coverage tools - SonarQube.
• Proficiency in container-based blue-green deployment strategies - AKS, GitOps, Argo CD.
• Proficiency in DevSecOps KPIs and metrics such as Escape Defects, Change Failure Rates, Deployment Frequency, etc.
• Proficiency in setting up governance framework for DevSecOps processes.
• Familiarity with infrastructure as code (e.g., Terraform, CloudFormation) and configuration management tools (e.g., Ansible, Puppet).
• Familiarity with IaaS, PaaS and SaaS architectures and network flows.

• Excellent communication and interpersonal skills.
• Strong analytical and problem-solving abilities.
• Proven ability to work in a collaborative, fast-paced environment.
• Proven leadership skills and the ability to drive initiatives across the organization.

• Familiarity with agile methodologies and practices.
• Experience with automation and orchestration in a DevSecOps context.
• Familiarity with compliance standards.
• Experience in developing and implementing security policies and frameworks.
• Experience in implementing enterprise-level metrics for DevSecOps.

• Mid-Senior level

• Full-time

• Engineering and Information Technology

• Manufacturing and Food and Beverage Services