DevSecOps Lead

Job Title: DevSecOps Lead

Role Overview

We are seeking an experienced DevSecOps Lead to architect, implement, and operationalize secure CI/CD pipelines, cloud environments, Terraform-based infrastructure, and security guardrails across mobile and cloud application teams. The ideal candidate is hands‑on with GitLab pipelines, AWS cloud environments, security tooling, IaC, and performance/scalability tuning. This role will initially be an individual contributor and later grow into a small DevOps/Platform Engineering team lead.

Key Responsibilities

1. CI/CD Pipeline Engineering (GitLab)

• Architect and build GitLab CI/CD pipelines for both mobile (iOS/Android) and cloud applications.


• Develop reusable pipeline templates, shared libraries, and YAML modules for engineering teams.


• Automate environment‑specific build and deploy flows (dev, QA, UAT, prod).


• Enhance build speed, caching strategy, and parallelization for optimal performance.

2. Cloud Deployment, Operations & Security (AWS)

• Design and maintain AWS cloud accounts with strong security guardrails, including:




• IAM roles, policy boundaries, least privilege design


• VPC segmentation, subnets, NACLs, security groups


• AWS Organizations & Service Control Policies (SCPs)




• Implement cost management frameworks: Budgets, cost forecasting, tagging policies, cost optimization.


• Deploy, manage, and optimize:




• EKS / ECS clusters


• EC2, Lambda, API Gateway


• RDS, DynamoDB, S3, CloudFront




• Setup monitoring and observability:  CloudWatch, Prometheus/Grafana, ELK/EFK


• Troubleshoot performance, reliability, scaling, and networking issues.

3. Infrastructure as Code (Terraform)

• Build and maintain Terraform modules for AWS infrastructure creation and lifecycle management.


• Implement standard IaC


• Enforce IaC best practices


• Automate AWS environment provisioning across multiple regions and workloads.

4. GitOps, Deployment Automation & Tooling

• Implement automated deployment workflows using: ArgoCD or equivalent.


• Ensure alignment between Git repositories, Terraform states, and actual cloud environments.


• Define deployment strategies: Blue/Green, Canary, Rolling, Feature Flags.


• Integrate secrets management (AWS Secrets Manager, etc).

5. Security, Compliance & Governance

• Build mandatory security steps into pipelines


• Ensure timely VAPT (Vulnerability Assessment & Penetration Testing) cycles and remediation tracking.


• Establish security guardrails:




• Hardened AMIs/containers


• Secure CI/CD runners


• IAM least‑privilege enforcement


• TLS enforcement, encryption in transit & at rest




• Define and enforce compliance with cloud security best practices.

Required Technical Skills

• Deep expertise with GitLab CI/CD (required).


• Strong proficiency in AWS: IAM, VPC, EKS/ECS, CloudFront, S3, Lambda, RDS, security controls.


• Hands-on experience with Terraform.


• Experience in continuous deployment tools.


• Understanding of mobile build pipelines for iOS/Android.


• Expert-level scripting skills: Bash, Python, YAML.


• Strong knowledge of SAST, SCA, container scanning, secrets scanning.


• Experience with:




• Docker/Kubernetes


• CloudWatch, ELK, Prometheus/Grafana


• CDN, WAF, load balancers




• Knowledge of OWASP, CIS Benchmarks, AWS Well-Architected Framework.

• Experience with cost optimization tools like AWS Cost Explorer or CloudHealth.


• Familiarity with provisioning iOS/macOS runners or build agents.


• Experience with incident management, runbooks, and reliability engineering.

Soft Skills

• Strong communication, documentation, and problem-solving skills.


• Ability to collaborate across engineering, security, QA, product, and vendor teams.


• Ownership mindset and ability to lead in ambiguous and fast-moving environments