Job Description:
EMU Implementation: Design and implement the migration from existing Single
Sign-On (SSO) to Enterprise Managed Users (EMU) to centralize user
lifecycle management and enforce corporate identity standards.
IdP Integration: Serve as the technical lead for integrating GitHub Enterprise
Cloud with our Identity Provider (IdP) (e.g., Azure AD/Google Workspace) for
seamless SSO and Multi-Factor Authentication (MFA).
RBAC and Policy: Define, implement, and enforce a Role-Based Access
Control (RBAC) model founded on the principle of least privilege
across all GitHub Organizations.
Token Governance: Overhaul and formalize the Personal Access Token (PAT)
policy, implementing short-lived expiry dates and fine-grained permissions for
both human and service accounts.

2. Repository Migration and CMDB Integration
Discovery & Migration: Identify, catalogue, and prepare all code repositories
across the Woolworths Group for migration to GitHub, ensuring no code is left
behind.
CMDB Synchronization: Integrate the GitHub repository catalogue with the central Configuration
Management Database (CMDB), automating the synchronization of metadata
(e.g., repository owner) for real-time visibility and reporting.

3. Code Security and Secret Management
Secret Scanning: Implement and manage GitHub Secret Scanning across
all repositories to identify and triage embedded secrets (API keys, passwords).
Proactive Protection: Review Push Protection globally across all
GitHub repositories to proactively block new secrets from being committed to code
history.
Vulnerability Management: Systematically analyze secret findings, prioritize
remediation efforts based on vulnerability and risk, and formalize the
migration of all active secrets into an approved vaulting solution.

4. API Security and Incident Response
API Security Review: Lead a security review of our API utilization and exposure
across platforms like Apigee, Microsoft Graph, and Azure API Gateway,
using CodeQL to analyze usage patterns and potential vulnerabilities
in the code.
Incident Activity: Perform in-depth security code reviews to remediate
identified issues and quickly identify repositories affected by security
incidents, prioritizing those that are externally facing.

Required Skills and Qualifications

Technical and Analytical Expertise (Must-Haves)
Deep GitHub Administration: Extensive, hands-on experience managing and governing GitHub
Enterprise Cloud environments, including organization and enterprise-level
settings.
Identity & Access Management: Proven expertise in SAML SSO,
SCIM, and IdP integration (e.g., Azure AD/Google Workspace).
Experience with the entire EMU setup and migration lifecycle.
DevSecOps Automation: Strong scripting skills (e.g., Python, Bash) and experience
with GitHub Actions/Workflows to automate security policies, repository
metadata updates (CMDB integration), and remediation tasks.
API Security: Strong understanding of API security principles (OAuth, scopes, token usage) and
experience reviewing code that integrates with major platforms (Apigee,
Microsoft Graph).

Good to have
Azure DevOps admin experience

Soft Skills and Certifications
Analytical Rigor: Exceptional analytical skills with the ability to translate
complex security findings (CodeQL results) into prioritized, actionable
technical remediation plans.
Communication: Excellent verbal and written communication skills, capable of articulating complex
security risks to both technical engineers and executive stakeholders.
Certification (mandatory): GitHub Certified Administrator or equivalent
enterprise security certification (e.g., related to cloud security or identity
management).
Copyright © 2026 Grabjobs Pte.Ltd. All Rights Reserved.