JOBSEARCHER

Lead DevSecOps Engineer

ARCHIVED

We can't find an active application page for this role right now. It may reopen or be listed elsewhere. Use Next Steps to search for an active apply link and similar live jobs.

Job Title: Lead DevSecOps EngineerLocation: Cleveland, OH, Pittsburgh, PA, or Dallas, TXEmployment Type: Full TimeAbout VLink: Started in 2006 and headquartered in Connecticut, VLink is one of the fastest growing digital technology services and consulting companies. Since its inception, our innovative team members have been solving the most complex business, and IT challenges of our global clients.Position DescriptionClient is seeking a Lead DevSecOps Engineer to champion secure‑by‑design engineering across our cloud and application platforms. You will lead the integration of security into CI/CD pipelines, architect secure cloud environments, and guide teams in adopting modern DevSecOps practices.This is a high‑impact leadership role where you will influence strategy, mentor engineers, and shape Client’s security posture across mission‑critical systems.We're standing up a dedicated vulnerability management practice at one of the largest banks in the US, automating what two vendor teams currently do by hand, and building the AI layer that takes it further.The work is hands-on, the impact is visible, and you'll have a delivery team ready to execute with you from day one.This position is located at our client site in Cleveland, OH, Pittsburgh, PA, or Dallas, TX.Future duties and responsibilitiesDevSecOps Practice Leadership. Build and lead the DevSecOps engineering practice across all three execution crews Platform & Infra, Application/Data/Middleware, and Container & TRC.. Own the Definition of Done for vulnerability remediation across all 130 mnemonics: what constitutes a properly remediated, validated, and closed item before Archer POAM closure and rescan submission.. Coach GCC offshore engineers on Client-specific practices including Bitbucket branching standards, Jenkins pipeline security gates, PAC enforcement, and CaaS container security policies. Act as the technical escalation point between execution crews and the Solution Architect.Jenkins Pipeline Security and Automation. Own the security and reliability of all Jenkins pipelines used for vulnerability remediation automation including PR generation, RITM automation, and remediation validation.. Implement and maintain security gates within Jenkins pipelines enforcing PAC policy checks, scan thresholds, and approval workflows before any automated fix proceeds.. Build and maintain Jenkins shared library components for reusable pipeline steps covering Archer status updates, ServiceNow RITM creation, Sysdig alert ingestion, and rescan triggering.. Ensure all pipeline changes go through client's CAB review process and do not bypass deployment governance.Bitbucket and Artifactory Operations. Own the Bitbucket repository structure and branching standards for the Client GCC automation codebase including runbook scripts, Python tools, Ansible playbooks, and Terraform modules.. Manage Bitbucket PR workflow configurations including required reviewers, merge checks, and automated status checks that enforce quality gates before remediation scripts are merged.. Maintain Artifactory integration within the vulnerability remediation pipeline managing artifact promotion, dependency resolution, and scanning to ensure no vulnerable dependencies are introduced into the automation toolchain.Policy-as-Code and Compliance Automation. Implement and maintain client PAC policy rules governing vulnerability remediation automation, ensuring automated remediations comply with client's security policies before execution.. Build Ansible playbooks for repeatable infrastructure remediation patterns including OS patch application, SSL/TLS configuration updates, and server hardening aligned to client standards.. Develop Terraform modules for infrastructure-level vulnerability remediations requiring environment configuration changes.. Implement automated compliance evidence generation producing audit-ready outputs from Jenkins pipeline executions that satisfy client's OCC, FFIEC, and SOX audit requirements.Vulnerability Tool Operations. Own the day-to-day health and configuration of all vulnerability tool integrations including Archer API connections, Tanium feed ingestion, Sysdig alert routing, SecurityCenter data pipelines, and Imperva alert processing.. Maintain the Python-based ServiceNow integration that creates, routes, and tracks RITMs to Client platform teams including Converge, Firewall, DBA, Patching, NAS, and DNS without manual intervention.. Monitor Sysdig feed health ensuring Docker/CaaS vulnerability alerts are correctly processed and deduplicated against Archer records.. Manage scan credential rotation for authenticated scans across Tanium, SecurityCenter, and Sysdig to prevent scan coverage gaps.Secrets and Access Management. Own secrets management for all automation pipelines and service accounts via CyberArk in compliance with Client's credential management standards.. Ensure least-privilege access for all Jenkins service accounts, Bitbucket automation users, and Archer API integrations with quarterly access reviews.. Maintain CyberArk integration within Jenkins pipelines ensuring no credentials are hardcoded in Jenkins files, Ansible playbooks, Python scripts, or Terraform configurations.Reporting and Observability. Build and maintain the unified vulnerability SLA dashboard in Archer providing real-time view of open vulnerability counts by severity, MTTR by crew, backlog burn-down by mnemonic, and SLA compliance rate for Client leadership.. Develop automated weekly SLA reports integrating Archer vulnerability status, Jira sprint metrics, and ServiceNow RITM resolution times into a single consolidated view.. Maintain Confluence documentation for all automation pipelines, runbooks, and DevSecOps standards.Shift-Left and Continuous Improvement. Drive shift-left security practices within client's BTI Retail, Lending, AMG, and CIB application teams by embedding PAC checks and container security scanning in Bitbucket PR pipelines before vulnerabilities surface in Sysdig scans.. Identify and implement automation improvements targeting the highest volume repeatable remediation patterns.. Contribute operational insights from pipeline execution data to the Solution Architect and AI/ML Engineers to continuously improve the AI triage engine.Required Qualifications:7+ years of hands-on DevSecOps or security automation engineering in enterprise environments. Deep Jenkins experience in production at enterprise scale: shared library development, pipeline-as-code, credential management, plugin administration, and troubleshooting in multi-team environments. Bitbucket administration and pipeline integration: branch permissions, PR workflow configuration, webhook-driven automation, and Jenkins integration patterns. Artifactory: dependency management, artifact promotion, repository configuration, and security scanning integration. Python at production quality: REST API integrations, data pipeline code, and automation scripts that GCC engineers will maintain. Ansible: writing and maintaining playbooks for OS-level and middleware-level remediations on Linux and Windows. Terraform: writing modules for infrastructure configuration changes with proper state management and change governance. Policy-as-code implementation: OPA/Conftest or equivalent enforcing security standards within CI/CD pipelines at runtime. REST API integration: production integrations against Archer GRC, ServiceNow, and Jira APIs. Container platform operations: Docker and OpenShift/OCP specifically including image management, CaaS operations, and container security scanning. Vulnerability management platform experience: Archer GRC, Tanium, or SecurityCenter in an operational day-to-day capacity. CyberArk secrets management: integrating CyberArk with CI/CD pipelines and enforcing no-hardcoded-credentials standards. Banking or financial services environment: CAB process, change window management, production deployment governance, and audit evidence requirements in a regulated context. Non-negotiable for this engagement.Preferred Qualifications. Direct Client environment experience: familiarity with Converge, Micron framework, CaaS/OCP configuration, or BTI Retail/Lending mnemonic structure. Sysdig operational experience: container vulnerability scanning, alert configuration, and downstream triage integration. Tanium experience: endpoint detection, vulnerability data extraction, and API integration. LangChain or AI agent pipeline experience: Phase 2 introduces an AI triage engine and engineers who can contribute to its operational integration will be more effective. Jira administration and Confluence technical documentation at production qualitySkills:Container TechnologyJenkinsPythonTerraformVulnerability coordinationAnsibleBitbucketEmployment Practices:EEO, ADA, FMLA CompliantVLink is an equal opportunity employer committed to fostering an inclusive environment where diversity is celebrated. All qualified applicants will be considered for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status. Employment is contingent upon successful completion of a background check. Applicant information will be handled in accordance with VLink's privacy policy.