Principal DevSecOps Engineer

About the Role

We are looking for a hands‑on Principal DevSecOps Engineer to drive platform and DevSecOps enablement across a large‑scale public‑sector environment. This role focuses on building, standardising, and enabling CI/CD, IaC, security, and observability practices so that product teams can build, release, and operate services independently and safely. You will act as the technical nucleus of a DevSecOps Enablement Centre of Excellence (CoE) – shaping shared tooling, patterns, and ways of working. This is not a governance‑only or documentation‑heavy architecture role; you will be actively designing and implementing solutions alongside delivery teams.

Hands‑on Platform & DevSecOps Enablement

• Design and implement standardised CI/CD pipelines, IaC modules, security checks, and observability patterns.
• Work directly with engineering teams through workshops, pairing, and implementation support.
• Enable teams to self‑serve infrastructure and pipelines with clear guardrails.

Shared Engineering Assets

• Build and maintain reusable CI/CD templates, Terraform modules, Kubernetes patterns, and security policies.
• Establish opinionated but flexible defaults that scale across teams and products.

CI/CD Modernisation

• Lead migration and standardisation of pipelines (e.g. Jenkins → Azure DevOps).
• Implement gated approvals, automated testing, and integrated security scanning.

Operational Independence

• Define operating models that allow teams to build, release, and run their own services.
• Introduce SRE‑aligned practices, SLAs, and observability standards.

Discovery & Planning

• Assess existing application and platform setups.
• Define pragmatic modernisation roadmaps covering tooling, pipelines, environments, and workflows.

Stakeholder Engagement

• Communicate technical decisions, trade‑offs, and outcomes clearly to both technical and non‑technical stakeholders.
• Work closely with architects, security teams, and platform teams to align standards and priorities.

CoE Leadership (Enablement‑focused)

• Act as the technical anchor of a DevSecOps Enablement CoE.
• Mentor engineers and uplift engineering maturity across teams (no heavy line management expected).

Key Initiatives (First 6–9 Months)

• CI/CD pipelines with security and quality gates.
• Reusable IaC modules and Kubernetes deployment patterns.
• Self‑service DevSecOps workflows with clear guardrails.
• Improved visibility into reliability, security posture, and cost drivers.
• Clear onboarding playbooks for teams adopting shared tooling.

Technical Expertise

• Strong hands‑on experience with Azure DevOps, Terraform, Kubernetes (AKS/EKS), containerisation, and cloud networking.
• Experience building secure, compliant cloud platforms on Azure and/or AWS.

Operations & Security

• Solid understanding of Day‑2 operations, observability (logs, metrics, traces), vulnerability management, and shift‑left security practices.

Enablement Mindset

• Proven ability to standardise tooling while empowering teams rather than blocking them.
• Experience building reusable assets, templates, and playbooks.

Stakeholder Influence

• Able to explain complex technical concepts clearly and pragmatically.
• Comfortable influencing architecture and delivery decisions at programme or enterprise level.

Experience

• Minimum 7 years in IT / engineering roles.
• Experience operating as a senior engineer, principal engineer, or technical lead in complex environments.

GCC / WOG Experience (Highly Preferred)

• Experience working with Singapore Government Commercial Cloud (AWS / Azure) and associated guardrails.
• Familiarity with government DevSecOps platforms (e.g. SHIP‑HATS 2.0, SGTS).
• Exposure to public‑sector delivery environments with structured governance and compliance requirements.

Bonus Points

• Experience establishing DevSecOps or Platform Enablement CoEs.
• Designing CI/CD standards for microservices and APIs.
• Implementing basic FinOps practices and SRE‑aligned operating models.
• Strong understanding of auditability and secure SDLC expectations in regulated environments.

• Version Control
• Leadership
• Kubernetes
• Azure
• Pipelines
• Vulnerability Management
• Architects
• SDLC
• Microservices
• Reliability
• Structural Engineering
• Intellectual Property
• Configuration Management
• Continuous Integration
• Ansible
• Orchestration