Job Specifications
Job Title: Principal DevSecOps Engineer (CI/CD & OpenShift)
Location: New Jersey /Charlotte /Texas (Onsite)
Duration: 12+ months
Role Summary
We are seeking a Principal DevSecOps Engineer to lead the architecture, implementation, and optimization of our CI/CD platforms and OpenShift (OCP)-based container application delivery. You will set strategy and standards for secure software supply chains, automate everything from build to production, and partner with product, security, and SRE teams to deliver reliable, compliant, and high-velocity releases at scale.
You’ll be the technical authority for pipeline design, GitOps, OCP cluster/platform engineering, and DevSecOps controls, enabling teams to ship faster with built-in security and observability.
Key Responsibilities
Platform Architecture & Ownership
Own the end-to-end CI/CD architecture (e.g., GitHub Actions / Azure DevOps / Jenkins / GitLab CI) and OpenShift (OCP) platform setup across multiple environments (Dev → Prod).
Design and implement GitOps workflows (e.g., Argo CD/Flux) for declarative, auditable, and automated environment management.
Define multi-tenant OCP standards: projects/namespaces, RBAC, network policies, resource quotas/limits, SCCs/PSA, and cluster add-ons (ingress, service mesh, operators).
Security by Design (DevSecOps)
Embed SAST/DAST/SCA/Secrets scanning into pipelines; enforce policy gates with tools like SonarQube, OWASP ZAP, Trivy/Grype, Anchore, Snyk, or Aqua.
Establish and automate SBOM, image signing (cosign/Notary), provenance/attestations (SLSA), and supply chain risk controls.
Harden OCP clusters and pipelines (image policies, admission controllers, network policies, security contexts, TLS, secrets mgmt) per CIS, NIST, and organizational standards.
Build & Release Engineering
Standardize pipeline templates (reusable, parameterized) for microservices and data/ML workloads; optimize build caching, parallelization, and artifact/versioning strategies.
Implement progressive delivery (blue/green, canary) and rollout safeguards with Argo Rollouts or service mesh.
Manage artifact repositories/registries (Nexus/Artifactory/Harbor, Quay/OCP Image Registry).
Reliability, Observability & Cost
Instrument end-to-end observability (logs/metrics/traces) across CI/CD and OCP using tools like Prometheus, Grafana, Loki, ELK/Elastic, and OpenTelemetry.
Improve pipeline and deployment MTTR, reduce change failure rate, and increase deployment frequency.
Build capacity & cost visibility for OCP (cluster autoscaling, right-sizing, quota policies, node pools/infra nodes, FinOps guardrails).
Governance & Enablement
Define governance for branching, release versioning, environment promotions, access control, and compliance evidence.
Lead inner-source enablement (documentation, starter repos, golden paths, developer portals/Backstage).
Mentor engineers; lead root cause analysis for platform and release incidents.
Required Qualifications
10+ years in DevOps/Platform/SRE/Build & Release; 3+ years in a principal/lead capacity.
Deep expertise in CI/CD: Git-based workflows; one or more platforms (GitHub Actions, Azure DevOps, Jenkins, GitLab CI). Strong with YAML pipelines, runners/agents, caching, artifact mgmt.
Expertise in OpenShift (OCP): cluster administration, Operators, Routes/Ingress, SCC/PSA, Quay/registry, Service Mesh (optional), and OCP GitOps (Argo CD). Kubernetes fundamentals required.
Security: Hands-on with SAST/DAST/SCA, container scanning, SBOMs (CycloneDX/SPDX), image signing (cosign), secrets management (Vault/External Secrets), policy as code (OPA/Gatekeeper/Kyverno).
Infrastructure as Code: Terraform, Argo CD, Helm/Kustomize; strong GitOps principles.
Programming/Scripting: Proficiency in Bash and one of Python/Go/TypeScript for tooling and automation.
Observability: Prometheus/Grafana, ELK/Elastic/Loki, OpenTelemetry; pipeline telemetry/SLIs.
Cloud: Experience with at least one major cloud (AWS/Azure/GCP) integrating managed services with OCP (e.g., ROSA/ARO) or IPI/UPI installations.
Preferred Qualifications
Certifications: Red Hat OpenShift (e.g., EX280/EX288), CKA/CKAD/CKS, Azure/AWS/GCP, Security+ or equivalent.
Supply Chain Security: Familiarity with SLSA, NIST SSDF, CIS benchmarks, and compliance regimes (SOC 2, PCI, HIPAA).
Progressive Delivery: Argo Rollouts, service mesh traffic shifting (Istio/OSSM/Kourier).
Data/ML pipelines experience (if relevant), GPU workloads on OCP.
Experience in regulated industries (financial services, healthcare, public sector).