

Hiring for one of our clients based in Chennai, Tamil Nadu.
Job Role:- DevSecOps Delivery Lead / Senior DevSecOps Engineer (DevOps + Application Security)
Job Location:- Chennai
Job Type:- Full-Time
Key Responsibilities
A) Delivery Leadership (End-to-End Project Ownership)
Lead the full delivery lifecycle: discovery → architecture → implementation → rollout → stabilization → operational handover.
Create and manage delivery artifacts: project plan, milestones, RAID log, dependencies, acceptance criteria, and executive-ready status reporting.
Run cadence with customer and internal teams; manage scope, risks, escalations, and timelines.
Ensure documentation and handover readiness: runbooks, SOPs, pipeline standards, exception processes.
B) DevSecOps Architecture & Secure SDLC
Define DevSecOps reference architecture and secure SDLC controls across plan → code → build → test → release → deploy → operate.
Establish risk-based promotion strategies (dev/stage/prod), release controls, and environment governance.
Drive a paved-road approach: reusable templates, golden pipelines, self-service patterns.
C) CI/CD Pipeline Security (Modern Toolchains)
Design and implement secure pipelines across platforms such as GitHub Actions, GitLab CI, Azure DevOps, Jenkins, Bitbucket Pipelines, and similar tools.
Implement security gates and controls for:
o SAST, SCA/OSS dependency risk, secrets scanning, IaC scanning, container image scanning
o SBOM generation, artifact signing/attestation, policy enforcement and exception governance
Tune controls for signal quality and developer experience; implement time-bound, auditable exceptions.
D) Application Security (Practical + Context-Aware)
Understand application context: microservices/monoliths, APIs, auth flows, deployment models, runtime considerations.
Guide threat modeling for critical services and convert threats into pipeline and runtime guardrails.
Support vulnerability triage and remediation workflows; define secure coding and testing standards aligned to OWASP.
E) Infrastructure as Code & Policy-as-Code (Hands-on)
Hands-on implementation with Terraform (mandatory) and IaC security for Terraform/Bicep/CloudFormation/Helm/Kustomize (as applicable).
Implement policy-as-code using OPA/Gatekeeper, Kyverno, Conftest, Sentinel, and/or native cloud policy engines.
Enforce baselines and reduce drift through automated checks and guardrails.
F) Container, Kubernetes & Supply Chain Security
Implement container supply chain controls: secure base images, registry governance, SBOMs, signing/attestations, vulnerability remediation workflows.
Define Kubernetes security baselines: RBAC hardening, network policies, secrets handling patterns, admission controls, runtime requirements, and exception governance.
G) Secrets Management & Identity for Pipelines
Implement secrets management and rotation patterns for CI/CD and runtime: vaulting, short-lived credentials, workload identity, least privilege.
Prevent and respond to secret leakage via scanning, blocking, and incident-ready playbooks.
H) Observability, Evidence & Operational Readiness
Ensure auditability and traceability: build integrity, gate results, deployment provenance, change history.
Integrate key pipeline/security telemetry into logging/SIEM workflows where required.
Required Qualifications:-
Strong experience in DevOps/Platform Engineering with deep DevSecOps exposure (typically 8+ years).
Proven ability to lead delivery (customer-facing): planning, execution, stakeholder management, and end-to-end ownership.
Strong knowledge of application context and software delivery strategies: branching/release patterns, environment promotion, deployment strategies.
Strong hands-on experience with Terraform (mandatory) and infrastructure automation.
Strong CI/CD experience (design + implementation) on at least one major platform (GitHub/GitLab/Azure DevOps/Jenkins/Bitbucket), preferably more than one.
Practical application security knowledge: OWASP Top 10, vulnerability lifecycle, threat modeling, secure coding/testing fundamentals.
Programming/scripting proficiency in at least one of Python / Go / Java / JavaScript / C#, plus scripting (Bash/PowerShell).
Strong documentation and communication skills; able to align security controls with engineering velocity.
Preferred / Nice-to-Have
Experience with supply chain integrity patterns: SBOM concepts (CycloneDX/SPDX), signing/attestation approaches, provenance controls.
Experience with Kubernetes security in production environments.
Exposure to cloud security guardrails (IAM boundaries, logging baselines, posture controls).
Experience building reusable accelerators: golden pipelines, templates, reference architectures, playbooks.
Relevant certifications (optional): Kubernetes security training, cloud security certs, CSSLP, etc.
Key Deliverables / Success Metrics
Projects delivered end-to-end with clear scope, milestones, acceptance criteria, and stable operational handover.
CI/CD security gates implemented with low noise, high adoption, and auditable exception workflows.
Measurable reduction in supply chain risk: improved secrets hygiene, dependency governance, image hygiene, SBOM coverage, and artifact integrity controls.
Repeatable templates/standards that reduce onboarding time for new teams and accelerate delivery across customers.
Positive developer experience: controls are reliable, documented, and designed to minimize friction while meeting security outcomes.
Values:-
Ownership and delivery discipline
Engineering-first mindset with security depth
Practical, outcome-driven security that scales across teams and customers
Strong communication and the ability to influence without blocking delivery
If interested, mail your resume directly to [Confidential Information]
Job ID: 147867257
We don’t charge any money for job offers