Principal DevSecOps Engineer

Job Description:

Position Overview

The primary responsibility of the Principal DevSecOps Engineer is to architect and implement comprehensive DevSecOps practices for our casino management system being developed from the ground up. This role demands a deep technical background in software development, security practices, and operations, with a focus on creating secure, scalable, and efficient deployment pipelines. The Principal DevSecOps Engineer will lead cross-functional teams to ensure security is integrated throughout the software development lifecycle and guide the organization in adopting best practices. 

All duties are to be performed in accordance with departmental and Las Vegas Sands Corp.’s policies, practices, and procedures. All Las Vegas Sands Corp. Team Members are expected to conduct and carry themselves in a professional manner at all times. Team Members are required to observe the Company’s standards, work requirements and rules of conduct.

Essential Duties & Responsibilities

• Define, champion, and implement a robust DevSecOps strategy that aligns with business objectives, enhances operational efficiency, and ensures regulatory compliance. 

• Architect CI/CD pipelines and DevSecOps frameworks that support rapid and reliable software delivery while embedding security at every stage of the development lifecycle. 

• Drive the integration of advanced security practices into the development lifecycle, including threat modeling, automated security testing (SAST/DAST), and comprehensive vulnerability management. 

• Lead the adoption of IaC tools (e.g., Terraform, AWS CloudFormation) to automate provisioning and management of secure infrastructure. 

• Design and oversee secure deployment strategies for single and multi-tenant environments, ensuring optimal resource isolation and performance. 

• Implement and optimize monitoring, logging, and alerting systems to ensure system reliability and security compliance. Develop incident response plans and security policies, fostering a proactive security culture. 

• Partner with development, QA, and operations teams to drive a culture of security awareness and best practices in software development and deployment. 

• Provide technical leadership and mentorship to DevSecOps teams, fostering professional growth and promoting a culture of innovation and continuous improvement. 

• Establish and maintain comprehensive documentation of DevSecOps processes, standards, and best practices, ensuring alignment across teams. 

• Perform job duties in a safe manner.

• Attend work as scheduled on a consistent and regular basis.

• Perform other related duties as assigned.

Minimum Qualifications

• At least 21 years of age.

• Proof of authorization to work in the United States.

• Bachelor’s or Master’s degree in Computer Science, Information Technology, Cybersecurity, or a related field. 

• Must be able to obtain and maintain any certification or license, as required by law or policy. 

• 10+ years of experience in software development, operations, and security, with at least 5 years in a principal or lead DevSecOps role, preferably in the gaming or casino industry. 

• Expertise in CI/CD tools (e.g., Jenkins, GitLab CI, CircleCI) for automating build and deployment processes. 

• Extensive experience with configuration management tools (e.g., Ansible, Chef, Puppet) for maintaining system configurations. 

• Deep knowledge of containerization technologies (e.g., Docker, Kubernetes) and orchestration for deploying and managing applications at scale. 

• Demonstrated experience with IaC tools (e.g., Terraform, AWS CloudFormation) for automating infrastructure provisioning and management. 

• In-depth knowledge of security frameworks and tools, including SAST, DAST, and SIEM solutions. 

• Strong experience with cloud services (e.g., AWS, Azure, Google Cloud) and their security configurations and best practices. 

• Proficiency in scripting languages (e.g., Python, Bash, PowerShell) for automating workflows and integrations. 

• Demonstrated experience in designing and implementing secure multi-tenant architectures to ensure data isolation and compliance. 

• Exceptional leadership, communication, and collaboration skills to influence and guide diverse teams and stakeholders. 

• Strong analytical and problem-solving capabilities, focused on delivering innovative and secure solutions. 

• Proven track record of driving cultural change within organizations, fostering a proactive approach to security and DevSecOps practices. 

• Strong interpersonal skills with the ability to communicate effectively and interact appropriately with management, other Team Members and outside contacts of different backgrounds and levels of experience.

Physical Requirements

Must be able to:

• Physically access assigned workspace areas with or without reasonable accommodation.

• Work indoors and be exposed to various environmental factors such as, but not limited to, CRT, noise, and dust.

• Utilize laptop and standard keyboard to perform essential functions of the job.