Role: DevSecOps Engineer (CI/CD & OpenShift)
Location: San Francisco CA (Onsite)
Employment Type: Contract
Role Summary
We are seeking a DevSecOps Engineer to lead the architecture, implementation and optimization of our CI/CD platforms and OpenShift (OCP)-based container application delivery. You will set strategy and standards for secure software supply chains, automate everything from build to production, and partner with product security and SRE teams to deliver reliable, compliant and high-velocity releases at scale.
You'll be the technical authority for pipeline design, GitOps, OCP cluster/platform engineering and DevSecOps controls, enabling teams to ship faster with built-in security and observability.
Key Responsibilities
Platform Architecture & Ownership
- Own the end-to-end CI/CD architecture (e.g. GitHub Actions / Azure DevOps / Jenkins / GitLab CI) and OpenShift (OCP) platform setup across multiple environments (Dev through Prod).
- Design and implement GitOps workflows (e.g. Argo CD/Flux) for declarative, auditable and automated environment management.
- Define multi-tenant OCP standards: projects/namespaces, RBAC, network policies, resource quotas/limits, SCCs/PSa and cluster add-ons (ingress, service mesh, operators).
Security by Design (DevSecOps)
- Embed SAST/DAST/SCA/secrets scanning into pipelines; enforce policy gates with tools like SonarQube, OWASP ZAP, Trivy/Grype, Anchore, Snyk or Aqua.
- Establish and automate SBOMs, image signing (cosign/Notary), provenance/attestations (SLSA) and supply chain risk controls.
- Harden OCP clusters and pipelines (image policies, admission controllers, network policies, security contexts, TLS, secrets management) per CIS, NIST and organizational standards.
Build & Release Engineering
- Standardize pipeline templates (reusable, parameterized) for microservices and data/ML workloads; optimize build caching, parallelization and artifact/versioning strategies.
- Implement progressive delivery (blue/green, canary) and rollout safeguards with Argo Rollouts or service mesh.
- Manage artifact repositories/registries (Nexus/Artifactory/Harbor, Quay/OCP Image Registry).
Reliability, Observability & Cost
- Instrument end-to-end observability (logs/metrics/traces) across CI/CD and OCP using tools like Prometheus, Grafana, Loki, ELK/Elastic and OpenTelemetry.
- Improve pipeline and deployment MTTR, reduce change failure rate and increase deployment frequency.
- Build capacity & cost visibility for OCP (cluster autoscaling, right-sizing, quota policies, node pools/infra nodes, FinOps guardrails).
Governance & Enablement
- Define governance for branching, release versioning, environment promotions, access control and compliance evidence.
- Lead inner-source enablement (documentation, starter repos, golden paths, developer portals/Backstage).
- Mentor engineers; lead root cause analysis for platform and release incidents.
Required Qualifications
- 10 years in DevOps/Platform/SRE/Build & Release; 3 years in a principal/lead capacity.
- Deep expertise in CI/CD: Git-based workflows; one or more platforms (GitHub Actions, Azure DevOps, Jenkins, GitLab CI). Strong with YAML pipelines, runners/agents, caching and artifact management.
- Expertise in OpenShift (OCP): cluster administration, Operators, Routes/Ingress, SCC/PSa, Quay/registry, Service Mesh (optional) and OCP GitOps (Argo CD). Kubernetes fundamentals required.
- Security: hands-on with SAST/DAST/SCA, container scanning, SBOMs (CycloneDX/SPDX), image signing (cosign), secrets management (Vault/External Secrets) and policy as code (OPA/Gatekeeper/Kyverno).
- Infrastructure as Code: Terraform; Argo CD with Helm/Kustomize; strong GitOps principles.
- Programming/Scripting: proficiency in Bash and one of Python/Go/TypeScript for tooling and automation.
- Observability: Prometheus/Grafana, ELK/Elastic/Loki, OpenTelemetry; pipeline telemetry/SLIs.
- Cloud: experience with at least one major cloud (AWS/Azure/GCP), integrating managed services with OCP (e.g. ROSA/ARO) or IPI/UPI installations.
Preferred Qualifications
- Certifications: Red Hat OpenShift (e.g. EX280/EX288), CKA/CKAD/CKS, Azure/AWS/GCP security certifications or equivalent.
- Supply chain security: familiarity with SLSA, NIST SSDF, CIS benchmarks and compliance regimes (SOC 2, PCI, HIPAA).
- Progressive delivery: Argo Rollouts, service mesh traffic shifting (Istio/OSSM/Kourier).
- Data/ML pipelines experience (if relevant), GPU workloads on OCP.
- Experience in regulated industries (financial services healthcare public sector).