DevSecOps & IaC Lead
We are seeking a highly experienced DevSecOps & IaC Lead to drive enterprise-wide DevSecOps transformation and Infrastructure-as-Code implementation during the migration of large-scale on‑prem systems to AWS cloud. This role requires deep expertise across CI/CD pipelines, security automation, cloud‑native DevOps tooling, third‑party DevSecOps platforms, and large‑scale IaC governance. The ideal candidate will lead cross‑functional engineering teams, define DevSecOps strategy, enforce secure‑by‑design principles, and ensure seamless DevSecOps operations across hybrid and cloud environments.
Key Responsibilities
1. DevSecOps Strategy & Cloud Migration Leadership
* Lead the DevSecOps transformation for applications and platforms migrating from on‑prem to AWS.
* Build a roadmap for CI/CD modernization, security automation, and cloud‑ready pipelines.
* Ensure DevSecOps practices support lift & shift, replatforming, containerization, and modernization migration patterns.
* Collaborate with cloud, application, SRE, and security teams to ensure DevSecOps maturity improves during and after migration.
2. Enterprise IaC Standards
* Define enterprise IaC standards using tools such as Terraform, CloudFormation, CDK, Ansible, and GitOps practices.
* Lead IaC implementation for AWS landing zones, networking, security, containers, and application infrastructure.
* Establish modular IaC patterns, reusable blueprints, guardrails, and governance frameworks.
3. Cloud‑Native & Third‑Party DevSecOps Tooling Integration
* Architect and integrate DevSecOps toolchains across cloud and on‑prem ecosystems, including:
* Security: Snyk, Checkmarx, SonarQube, Prisma Cloud, Aqua, Twistlock
* Secrets & identity: AWS Secrets Manager, HashiCorp Vault
* Compliance: AWS Security Hub, GuardDuty, OPA/Conftest, Checkov
* Ensure deep integration between security scanning, artifact repositories, code quality, and deployment automation.
4. Security Automation & Shift‑Left Enablement
* Implement "security‑by‑default" and "shift‑left" practices across the software lifecycle.
* SAST/DAST
* Policy‑as‑code (Rego/OPA)
* Secrets scanning
* Infrastructure compliance
* Establish secure CI/CD pipeline patterns covering application, container, and infrastructure layers.
5. Observability, Reliability & DevOps Excellence
* Partner with SRE, platform, and cloud teams to embed monitoring, logging, tracing, and auditability into pipelines.
* Implement automated quality gates, blue‑green/canary deployments, and progressive delivery strategies.
* Standardize operational best practices through automation, runbooks, and deployment frameworks.
6. Governance, Risk, Automation & Compliance
* Ensure all DevSecOps and IaC pipelines comply with enterprise security, audit, and regulatory requirements.
* Define DevSecOps maturity KPIs (deployment frequency, MTTR, security findings, drift metrics).
* Build automated governance controls for release management, security enforcement, and compliance checks.
* Drive adoption of secure cloud operating models across all stakeholders.
7. Leadership & Stakeholder Management
* Lead cross‑functional DevSecOps squads and mentor engineers on DevSecOps, IaC, and cloud automation practices.
* Work with program managers to ensure DevSecOps readiness across all migration waves.
* Communicate progress, risks, and technical decisions to senior leadership and architecture boards.
* Provide strategic input on enterprise cloud engineering standards and transformation roadmap.
Required Skills & Experience
* 14+ years of experience in DevOps, platform engineering, cloud automation, or infrastructure engineering.
* Strong hands‑on experience with AWS cloud services, CI/CD, IaC, and security automation.
* Expertise in Terraform, CloudFormation, CDK, Ansible.
* Security tools: Snyk, Checkmarx, SonarQube, Prisma Cloud, Vault.
* Logging/observability platforms (CloudWatch, ELK, Datadog).
* Strong understanding of cloud security principles: IAM, KMS, encryption, zero trust, least privilege.
* Experience implementing policy‑as‑code and pipeline security controls.
* Understanding of CIS benchmarks, NIST, ISO27001, compliance frameworks.
* Direct experience supporting large‑scale on‑prem to AWS migrations.
* Strong understanding of migration waves, application onboarding, and pipeline modernization.
* Excellent communication and architectural documentation abilities.
* Experience leading multi‑disciplinary teams across dev, infra, cloud, and security domains.
* Ability to influence architects, executives, developers, and operations teams.
Preferred Qualifications
* AWS DevOps Engineer – Professional
* AWS Solutions Architect – Associate/Professional
* Kubernetes certifications (CKAD, CKA, CKS)
* DevSecOps or SRE certifications (nice‑to‑have)
Success Metrics
* Fully automated, secure CI/CD pipelines across all migration phases.
* Enterprise‑wide IaC adoption with strong governance and consistency.
* Reduction in security vulnerabilities and pipeline defects.
* Faster cloud onboarding and deployment times.
* Improved security posture and operational reliability post‑migration.
#J-18808-Ljbffr