Devsecops

Role Summary
Work with us to build modern Insurtech AI underpinned solutions we are a growing team of hands
on architects striving to build high quality solutions for our internal and external customers. The
DevSecOps Lead leads the DevSecOps practice across the Xceedance insurance ecosystem defining
strategy establishing standards and mentoring engineering teams. This role combines deep
technical expertise with leadership to drive DevOps maturity security automation operational
excellence and cultural transformation using Microsoft Azure as the primary platform.

Key Responsibilities
DevSecOps Strategy & Leadership - Defines and executes comprehensive DevSecOps strategy and
roadmap aligned with business objectives driving digital transformation cloud adoption and
operational efficiency. Establishes DevOps maturity model assessing current state defining target
state and creating actionable improvement plans. Drives cultural transformation promoting
collaboration automation continuous improvement and shared responsibility across development
security and operations teams. Defines metrics and KPIs measuring DevOps effectiveness including
DORA metrics (deployment frequency lead time change failure rate mean time to recovery).
Communicates strategy and progress to executive leadership articulating business value ROI and
risk mitigation.
Enterprise CI/CD Platform Architecture - Leads design and implementation of enterprise CI/CD
platforms and toolchains supporting hundreds of applications and development teams. Architects
multi-tenant pipeline platforms providing self-service capabilities while maintaining governance
security and cost control. Establishes pipeline standards templates and reusable components
accelerating adoption and ensuring consistency. Designs multi-environment deployment strategies
supporting complex promotion workflows across development testing staging and production.
Implements GitOps practices ensuring declarative version-controlled and auditable deployments.
Evaluates and selects CI/CD tools balancing capabilities cost integration and team expertise.
Standards & Best Practices - Establishes comprehensive DevOps standards covering pipeline design
infrastructure as code containerization security integration monitoring and incident response.
Creates reference architectures providing proven patterns for common scenarios including
microservices deployment data pipeline automation and legacy system integration. Develops
documentation runbooks and knowledge repositories enabling teams to adopt DevOps practices
effectively. Conducts architecture reviews ensuring solutions align with enterprise standards and best
practices. Defines branching strategies versioning approaches and release management processes.
Automation & Infrastructure Excellence - Drives automation initiatives across build test deployment
infrastructure management and operational tasks eliminating manual processes and reducing toil.
Leads Infrastructure as Code adoption implementing advanced patterns including module
composition state management strategies and policy validation. Architects multi-cloud
infrastructure supporting Azure as primary platform with strategic use of AWS and Google Cloud.
Designs Kubernetes platforms at scale implementing cluster architecture multi-tenancy service
mesh and operator patterns. Establishes infrastructure testing and validation frameworks ensuring
quality and compliance.

Security Integration & Shift-Left - Leads security integration efforts embedding security controls
throughout the software delivery lifecycle implementing shift-left security principles. Architects
comprehensive security scanning strategies including SAST DAST SCA container scanning and
infrastructure scanning integrated into pipelines. Implements security as code using policy engines
(OPA Kyverno) for automated compliance validation. Designs secrets management architectures
protecting credentials certificates and sensitive configuration. Establishes vulnerability management
processes including detection prioritization remediation tracking and reporting. Creates security
dashboards providing visibility into security posture across applications and infrastructure.
Site Reliability Engineering (SRE) - Establishes SRE practices defining service level objectives (SLOs)
service level indicators (SLIs) and error budgets balancing reliability with feature velocity.
Implements observability frameworks providing comprehensive monitoring logging and tracing
across distributed systems. Designs incident response processes including on-call rotations
escalation procedures and post-mortem analysis. Drives chaos engineering initiatives testing system
resilience through controlled failure injection. Conducts capacity planning ensuring infrastructure
scales to meet demand while optimizing costs. Implements automated remediation reducing mean
time to recovery (MTTR) for common issues.

Team Leadership & Mentorship - Builds and leads high-performing DevSecOps teams recruiting
talent establishing team structure and fostering growth. Mentors DevOps engineers SREs and
infrastructure engineers on technical skills best practices and career development. Conducts training
sessions and workshops spreading DevOps knowledge across the organization. Facilitates
communities of practice sharing knowledge solving common problems and driving continuous
improvement. Provides technical leadership during critical incidents and complex problem-solving
scenarios. Establishes performance objectives and conducts regular feedback sessions.
Tool Evaluation & Vendor Management - Evaluates emerging DevOps tools and technologies
assessing fit for organizational needs. Conducts proof-of-concepts validating tool capabilities
integration and performance. Manages vendor relationships for commercial tools negotiating
contracts and ensuring value delivery. Establishes tool governance including licensing management
version control and deprecation planning. Creates tool selection frameworks guiding build vs buy
decisions.

Compliance & Governance - Ensures DevOps practices comply with regulatory requirements
including GDPR CCPA PCI-DSS SOC 2 and insurance-specific regulations. Implements audit trails
and evidence collection supporting compliance audits. Designs separation of duties and approval
workflows meeting regulatory requirements while maintaining delivery velocity. Establishes cost
governance frameworks providing visibility chargeback mechanisms and optimization
recommendations. Creates compliance dashboards demonstrating adherence to policies and
regulatory requirements.

Collaboration & Stakeholder Management - Collaborates with enterprise architects security teams
development leaders and business stakeholders aligning DevOps initiatives with organizational
goals. Communicates technical concepts to non-technical audiences including executives and
business leaders. Builds consensus across diverse stakeholder groups with potentially conflicting
requirements. Represents DevOps practice in architectural review boards and governance
committees. Partners with HR and recruiting identifying talent needs and building recruitment
pipelines.

Required Skills
DevOps Leadership - Deep expertise in DevOps practices and culture team building and mentorship
strategic thinking and roadmap development change management and organizational influence.
Advanced CI/CD - Enterprise-scale pipeline architecture multi-environment deployment strategies
GitOps practices (ArgoCD Flux) pipeline security and deployment automation patterns (blue/green
canary progressive delivery).

Infrastructure & Cloud - Advanced Infrastructure as Code patterns (Terraform modules state
management policy validation) multi-cloud architecture (Azure AWS GCP) Kubernetes at scale
(cluster architecture operators service mesh multi-tenancy) and hybrid cloud connectivity.
Security & Compliance - DevSecOps and shift-left practices security automation (SAST DAST SCA)
compliance as code (OPA Kyverno) secrets management vulnerability management and regulatory
compliance frameworks.

Site Reliability Engineering - SLO/SLI definition and tracking observability (metrics logs traces)
incident response and on-call management chaos engineering capacity planning and automated
remediation.

Platform Engineering - Internal developer platform design developer experience optimization self-
service infrastructure platform as product mindset and platform API design.

Tools & Technologies - Azure DevOps GitHub Actions GitLab Terraform Kubernetes Docker Helm
Azure services monitoring platforms (Prometheus Grafana Azure Monitor) and security scanning
tools.

Required Experience
Eight or more years in DevOps SRE or infrastructure engineering roles with three years in technical
leadership or management positions. Proven track record building DevOps practices from the
ground up establishing strategy standards and teams. Experience leading enterprise-scale CI/CD
platform implementations serving hundreds of applications and development teams. Evidence of
driving cultural transformation promoting DevOps practices across organizations. Track record
establishing SRE practices implementing observability solutions and improving reliability metrics.
Experience in insurance or financial services with understanding of regulatory compliance
requirements. Demonstrated ability recruiting and developing high-performing technical teams.
Required Certifications

Microsoft Certified: DevOps Engineer Expert (AZ-400) Microsoft Certified: Azure Solutions Architect
Expert (AZ-305). Valuable additions: AWS Certified DevOps Engineer - Professional Certified
Kubernetes Administrator (CKA) Certified Kubernetes Security Specialist (CKS) HashiCorp Certified
Terraform - Professional CISSP (for security focus).

Key Competencies
Strategic Leadership - Defining multi-year DevOps roadmaps aligning technology initiatives with
business strategy communicating vision to diverse audiences and driving organizational change.
Technical Excellence - Deep technical expertise across DevOps disciplines staying current with
emerging technologies evaluating tools and practices and providing technical direction.
Team Development - Building high-performing teams mentoring engineers fostering growth and
learning and creating inclusive collaborative environments.
Operational Excellence - Driving automation improving reliability optimizing costs measuring
effectiveness and promoting continuous improvement culture.