Key skills
DevSecOpsAWSAzureInfrastructure-as-CodeAnsibleCI/CD pipelinesGitHub ActionsGitLab CIAzure DevOpsJenkinsPowerShellShell scriptingPythonCloud security frameworksNetwork securityIdentity and access managementCIS BenchmarksNISTHIPAAMicroservicesServerlessKubernetesCloud governanceCost managementAI/ML developer toolingSecurity compliance frameworksShellAIMLDockerVaultIAMIdentity ManagementGitHubGitLabCI/CDLeadershipProject ManagementMentoringCommunicationNetwork SecurityCloud Security
About this role
ComPsych is the worldwide leader in organizational mental health and well-being. They are seeking a Lead DevSecOps Engineer to serve as a hands-on technical leader who embeds security into every stage of the software delivery lifecycle across a multi-cloud environment, while mentoring a team of engineers and establishing best practices.
Responsibilities:
- Serve as a technical subject matter expert and mentor DevSecOps engineers, providing guidance on industry best practices, secure design standards, and technical growth opportunities
- Define, document, and evangelize DevSecOps standards, reference architectures, and engineering guardrails across teams
- Design, build, and maintain secure CI/CD pipelines with automated security gates (SAST, DAST, SCA, secrets scanning, and container/image scanning)
- Architect and manage multi-cloud infrastructure across AWS, Azure, and other providers, ensuring consistency, resilience, security, and cost-effectiveness
- Develop and maintain Infrastructure-as-Code using open-source, commercial, and/or cloud-native frameworks, along with configuration management tools such as Ansible
- Embed security controls and policy-as-code into deployment workflows and enforce compliance guardrails
- Evaluate and integrate AI tooling into DevSecOps CI/CD pipelines where appropriate to improve automation, security coverage, and engineering efficiency, establishing responsible-use guidelines for the team
- Manage vulnerability management and support incident response for cloud and pipeline infrastructure, conducting root cause analysis for effective resolution
- Deploy monitoring, logging, and alerting to proactively detect issues, resolve bottlenecks, and optimize resource utilization across environments
- Manage secrets, identity, and access (IAM, RBAC, Key Vault, Secrets Manager, and secrets-management platforms)
- Evaluate container and orchestration technologies (e.g., Docker, Kubernetes), establish standards and best practices, and ensure their secure rollout and ongoing operational support
- Enhance cloud performance, availability, security, and cost-effectiveness by implementing best practices and standards
- Stay current on the latest multi-cloud and DevSecOps trends and technologies, evaluating and recommending new tools and services
- Partner closely with Security Engineering teams—specifically Application Security (AppSec) and Infrastructure Security (InfraSec)—to operationalize their findings and controls within CI/CD pipelines and cloud infrastructure
- Collaborate with internal teams to align and integrate secure cloud solutions with application development efforts
- Participation in an on-call rotation
- Other tasks as required
Requirements:
- Bachelor's degree in Information Technology, Computer Science, or another relevant field required
- 8+ years of relevant DevOps, security, or cloud engineering experience, with a demonstrable focus on DevSecOps (10+ years preferred for Distinguished level)
- Demonstrated leadership experience mentoring or leading engineers and setting technical standards
- Relevant industry certifications in either AWS or Azure (e.g., AWS Certified Solutions Architect / Security – Specialty, Azure Solutions Architect Expert, Azure DevOps Engineer Expert, or comparable cloud certifications)
- Deep hands-on expertise across at least two major clouds, including AWS and Azure
- Strong proficiency with Infrastructure-as-Code (cloud-native and open-source frameworks) and configuration management tools such as Ansible
- Proven track record building secure CI/CD pipelines (e.g., GitHub Actions, GitLab CI, Azure DevOps, Jenkins)
- Strong scripting and automation skills (PowerShell, Shell, Python, or similar)
- Solid grasp of cloud security frameworks, network security, segmentation strategies, and identity management
- Experience applying security and compliance frameworks and benchmarks, such as CIS Benchmarks, NIST, and HIPAA
- Familiarity with microservices, serverless, and container orchestration (e.g., Kubernetes)
- Familiarity with cloud governance, cost management, and optimization techniques
- Experience integrating or evaluating AI/ML developer and security tooling
- Self-starter with the ability to multi-task and work autonomously
- Excellent organizational and project management skills
- Effective interpersonal and communication skills
- Consistent and reliable high-speed internet and workspace free from distraction, disruption, or noise is required
- Ability to be present on camera during work-related trainings, meetings, and/or events
- Must be able to sit or stand at a desk for prolonged periods while working on a computer