DevSecOps Architect

Job Title: DevSecOps Architect

Location: Phoenix, AZ (Hybrid)

Job Summary

We are seeking an experienced DevSecOps Architect to lead the design and implementation of secure, scalable, and automated DevSecOps platforms across cloud and hybrid environments. The ideal candidate will drive security integration throughout the SDLC, build enterprise CI/CD frameworks, enforce cloud security best practices, and enable secure application delivery at scale.

The role requires deep expertise in cloud platforms, infrastructure automation, container security, CI/CD, governance, compliance, and security tooling within highly regulated enterprise environments.

Key Responsibilities

DevSecOps Architecture & Strategy

• Design and implement enterprise DevSecOps architecture for cloud-native and hybrid platforms.
• Integrate security controls across CI/CD pipelines and software delivery lifecycle.
• Define DevSecOps standards, policies, governance models, and automation frameworks.
• Build secure-by-design deployment strategies for applications and infrastructure.

CI/CD & Automation

• Architect scalable CI/CD pipelines using Jenkins, GitHub Actions, GitLab CI, Azure DevOps, or Bamboo.
• Implement automated build, test, security scanning, and deployment workflows.
• Automate infrastructure provisioning using Terraform, CloudFormation, and Ansible.
• Enable GitOps and Infrastructure as Code practices across environments.
• Cloud & Container Security
• Design secure AWS/Azure cloud architectures with focus on IAM, network security, encryption, and compliance.
• Secure Kubernetes/EKS/OpenShift platforms with RBAC, network policies, secrets management, and admission controls.
• Implement container image scanning, runtime protection, and vulnerability remediation processes.
• Configure secure ingress/egress controls, WAF, API security, and Zero Trust principles.

Security & Compliance

• Integrate security tools such as:
• SAST
• DAST
• SCA
• Container Security Scanners
• Secrets Detection
• Implement governance and compliance frameworks aligned with SOC2, PCI-DSS, NIST, CIS, and enterprise standards.
• Conduct security reviews, threat modeling, and remediation planning.
• Support audit readiness and compliance reporting activities.

Monitoring & Observability

• Implement observability and security monitoring using:
• Prometheus
• Grafana
• ELK/Splunk
• Datadog
• CloudWatch
• Build alerting and incident response workflows for platform and security events.
• Improve operational visibility, reliability, and platform resilience.
• Incident Response & Risk Management
• Participate in security incident response and root-cause analysis activities.
• Identify platform vulnerabilities and drive remediation initiatives.
• Establish proactive controls to reduce operational and security risks.

Collaboration & Leadership

• Partner with development, infrastructure, cloud, security, and SRE teams.
• Mentor engineers on DevSecOps best practices and secure coding standards.
• Lead architecture discussions, platform modernization, and automation initiatives.
• Create technical documentation, SOPs, architecture diagrams, and operational runbooks.

Required Skills & Qualifications

Must-Have Skills

• 10+ years of experience in DevOps/DevSecOps/Cloud Engineering
• Strong expertise in AWS and/or Azure cloud platforms
• Hands-on experience with Kubernetes, EKS, OpenShift, or AKS
• Deep knowledge of CI/CD tools and automation frameworks
• Strong Infrastructure as Code experience with Terraform and CloudFormation
• Experience integrating security tooling into CI/CD pipelines
• Expertise in IAM, RBAC, encryption, secrets management, and network security
• Experience with monitoring and observability platforms
• Strong scripting/programming skills in Python, Shell, or Groovy
• Experience in regulated enterprise or financial services environments

Preferred Skills

• Experience with GitOps tools such as Argo CD or Flux
• Familiarity with Service Mesh technologies (Istio/Linkerd)
• Knowledge of Zero Trust architecture principles
• Experience with AWS Security Hub, GuardDuty, Inspector, Prisma Cloud, Aqua, or Wiz
• Understanding of SRE concepts, SLIs/SLOs, and operational resilience