Devsecops & Infrastructure?as?code (iac) Lead

We are seeking a highly experienced DevSecOps & IaC Lead to drive enterprise-wide DevSecOps transformation and Infrastructure as Code implementation during the migration of large-scale on prem systems to AWS cloud. This role requires deep expertise across CI/CD pipelines, security automation, cloud-native DevOps tooling, third-party DevSecOps platforms, and large-scale IaC governance. The ideal candidate will lead cross-functional engineering teams, define DevSecOps strategy, enforce secure-by-design principles, and ensure seamless DevSecOps operations across hybrid and cloud environments., 1. DevSecOps Strategy & Cloud Migration Leadership

• Lead the DevSecOps transformation for applications and platforms migrating from on prem to AWS.
• Build a roadmap for CI/CD modernization, security automation, and cloud-ready pipelines.
• Ensure DevSecOps practices support lift & shift, replatforming, containerization, and modernization migration patterns.
• Collaborate with cloud, application, SRE, and security teams to ensure DevSecOps maturity improves during and after migration.

2. Infrastructure as Code (IaC) Architecture & Governance

• Define enterprise IaC standards using tools such as Terraform, CloudFormation, CDK, Ansible, and GitOps practices.
• Lead IaC implementation for AWS landing zones, networking, security, containers, and application infrastructure.
• Establish modular IaC patterns, reusable blueprints, guardrails, and governance frameworks.
• Drive full lifecycle IaC adoption: provisioning configuration drift control compliance.

3. Cloud Native & Third Party DevSecOps Tooling Integration

• Architect and integrate DevSecOps toolchains across cloud and on prem ecosystems, including:

• CI/CD: GitHub Actions, GitLab, Jenkins, Azure DevOps

• Security: Snyk, Checkmarx, SonarQube, Prisma Cloud, Aqua, Twistlock

• Containers: EKS, ECS, ECR, Helm, ArgoCD, Flux

• Secrets & identity: AWS Secrets Manager, HashiCorp Vault

• Compliance: AWS Security Hub, GuardDuty, OPA/Conftest, Checkov

• Ensure deep integration between security scanning, artifact repositories, code quality, and deployment automation.

4. Security Automation & Shift Left Enablement

• Implement "security-by-default" and "shift-left" practices across the software lifecycle.

• Automate:

• SAST/DAST

• Dependency & container image scanning

• Policy-as-code (Rego/OPA)

• Secrets scanning

• Infrastructure compliance

• Establish secure CI/CD pipeline patterns covering application, container, and infrastructure layers.

5. Observability, Reliability & DevOps Excellence

• Partner with SRE, platform, and cloud teams to embed monitoring, logging, tracing, and auditability into pipelines.
• Implement automated quality gates, blue green/canary deployments, and progressive delivery strategies.
• Standardize operational best practices through automation, runbooks, and deployment frameworks.

6. Governance, Risk, Automation & Compliance

• Ensure all DevSecOps and IaC pipelines comply with enterprise security, audit, and regulatory requirements.
• Define DevSecOps maturity KPIs (deployment frequency, MTTR, security findings, drift metrics).
• Build automated governance controls for release management, security enforcement, and compliance checks.
• Drive adoption of secure cloud operating models across all stakeholders.

7. Leadership & Stakeholder Management

• Lead cross-functional DevSecOps squads and mentor engineers on DevSecOps, IaC, and cloud automation practices.
• Work with program managers to ensure DevSecOps readiness across all migration waves.
• Communicate progress, risks, and technical decisions to senior leadership and architecture boards.
• Provide strategic input on enterprise cloud engineering standards and transformation roadmap.

Technical Expertise

• 14+ years of experience in DevOps, platform engineering, cloud automation, or infrastructure engineering.

• Strong hands-on experience with AWS cloud services, CI/CD, IaC, and security automation.

• Expertise in:

• Terraform, CloudFormation, CDK, Ansible

• Docker, Kubernetes, EKS/ECS, Helm, GitOps

• GitHub/GitLab/Azure DevOps/Jenkins pipelines

• Security tools: Snyk, Checkmarx, SonarQube, Prisma Cloud, Vault

• Logging/observability platforms (CloudWatch, ELK, Datadog)

Security & Compliance Skills

• Strong understanding of cloud security principles: IAM, KMS, encryption, zero trust, least privilege.
• Experience implementing policy-as-code and pipeline security controls.
• Understanding of CIS benchmarks, NIST, ISO27001, compliance frameworks.

Cloud Migration Skills

• Direct experience supporting large-scale on prem to AWS migrations.
• Strong understanding of migration waves, application onboarding, and pipeline modernization.

Soft Skills & Leadership

• Excellent communication and architectural documentation abilities.
• Experience leading multi-disciplinary teams across dev, infra, cloud, and security domains.
• Ability to influence architects, executives, developers, and operations teams.

Preferred Qualifications

• AWS DevOps Engineer Professional
• AWS Solutions Architect Associate/Professional
• HashiCorp Terraform Certification
• Kubernetes certifications (CKAD, CKA, CKS)
• DevSecOps or SRE certifications (nice-to-have)

Success Metrics

• Fully automated, secure CI/CD pipelines across all migration phases
• Enterprise-wide IaC adoption with strong governance and consistency
• Reduction in security vulnerabilities and pipeline defects
• Faster cloud onboarding and deployment times
• Improved security posture and operational reliability post migration