Sr. Solutions Architect - DevSecOps

We are seeking a highly skilled and experienced Solutions Architect with a focus on DevSecOps to lead the design, implementation, and optimization of secure, scalable, and reliable cloud and on-premise solutions. The ideal candidate will have deep expertise in DevOps practices, security integration (DevSecOps), and a solid understanding of cloud infrastructure and automation. This role requires a strategic thinker who can collaborate with cross-functional teams to ensure security is embedded across all stages of the software development lifecycle.

Responsibilities

• Solution Design and Architecture:
• Architect secure, scalable, and resilient infrastructure solutions that integrate security into DevOps pipelines (CI/CD).
• Design cloud-native solutions on platforms such as AWS, Azure, or Google Cloud with security-first principles, ensuring adherence to DevSecOps best practices.
• Evaluate and recommend tools and frameworks for automating security practices (e.g., security scanning, monitoring) within the development lifecycle.
• DevSecOps Implementation:
• Lead the implementation of security controls and practices throughout the software development lifecycle, from code creation to deployment.
• Develop and manage automated security testing and monitoring tools (e.g., SAST, DAST, vulnerability scanning).
• Establish security guardrails and integrate them into CI/CD pipelines to detect and mitigate security risks early in the development process.
• Collaboration and Leadership:
• Collaborate with development, operations, and security teams to design, build, and manage highly secure DevOps workflows.
• Provide technical leadership and mentorship to DevOps engineers, software developers, and security teams on best practices for integrating security into agile development.
• Work with stakeholders to gather and define business and technical requirements for DevSecOps initiatives.
• Security and Compliance:
• Ensure infrastructure and applications comply with security standards and regulations such as NIST, ISO, SOC 2, and HIPAA, where applicable.
• Develop and maintain security architecture documentation and ensure systems are compliant with corporate policies and industry standards.
• Conduct risk assessments and lead efforts to mitigate vulnerabilities and potential threats in DevOps processes.
• Automation and Continuous Improvement:
• Develop automation scripts for infrastructure provisioning, security policies enforcement, and monitoring using Infrastructure as Code (IaC) tools such as Terraform, CloudFormation, or Ansible.
• Continuously improve the security, performance, and scalability of existing DevSecOps workflows and infrastructure.
• Proactively monitor and address potential security risks and recommend improvements to security posture and automation capabilities.
• Monitoring and Incident Response:
• Implement robust security monitoring and alerting mechanisms, integrating tools like SIEM, IDS/IPS, and cloud-native security tools.
• Lead incident response efforts related to security vulnerabilities and provide post-mortem analysis and recommendations for preventing future occurrences.

Requirements

• Bachelor’s degree in Computer Science, Information Technology, or related field (Master’s degree preferred).
• 10+ years of experience in architecture or engineering roles with a focus on DevSecOps.
• Strong expertise in DevOps tools and technologies (Jenkins, GitLab, Kubernetes, Docker, etc.).
• Extensive experience with security practices, including vulnerability management, encryption, authentication, and secure coding practices.
• Knowledge of cloud platforms (AWS, Azure, GCP) and Infrastructure as Code (IaC) tools (Terraform, CloudFormation).
• Experience implementing security tools within CI/CD pipelines (e.g., static code analysis, container security).