DevSecOps Architect

Year    MH, IN, India

Job Description

Overview:

Experience: 6-8 Years

Industry: Enterprise Applications / Energy / Manufacturing

Role Overview

The DevSecOps Architect is responsible for defining, architecting, and implementing an enterprise-wide DevSecOps and Software Factory (Secure SDLC) framework. This role will lead assessments and gap analysis of current development and delivery practices, design target-state DevSecOps architectures, and drive the implementation of secure software factory pipelines, tooling, and processes across the organization.

You will work closely with application development, platform engineering, security, operations, compliance, and business stakeholders to embed security and quality into every phase of the software development lifecycle, from planning to production.

Key Responsibilities

1. Assessment & Gap Analysis

Conduct detailed assessments of current SDLC, CI/CD, and security practices across application teams and platforms. Identify maturity levels for DevSecOps practices using industry frameworks (e.g., NIST SSDF, OWASP SAMM, BSIMM). Perform gap analysis of people, process, and technology against target DevSecOps and Secure SDLC capabilities. Document findings and provide prioritized remediation and improvement roadmaps.

2. Software Factory / Secure SDLC Framework

Define and architect a standardized Software Factory Model framework (Secure SDLC) for the enterprise. Develop reference architectures, blueprints, and patterns for:

o Source control and branch strategy
o CI/CD pipelines
o Security testing integration (SAST, DAST, SCA, secrets scanning, container scanning, IaC scanning)
o Artifact management and promotion
o Environment provisioning and configuration management

Define security and quality gates for each phase of the SDLC and pipeline stages. Establish standardized templates, configurations, and reusable components to accelerate adoption.

3. Enterprise DevSecOps Design & Implementation

Design and lead the implementation of DevSecOps practices across multiple business units and application portfolios. Define enterprise standards for:

o Build and release automation
o Infrastructure as Code (IaC) and GitOps
o Containerization and orchestration (e.g., Docker, Kubernetes)
o Secrets and key management
o Identity and access control for CI/CD, tools, and runtime environments

Integrate security controls into development workflows and pipelines (shift-left security). Collaborate with platform and cloud teams to architect secure, automated environments (on-prem, cloud, or hybrid).

4. Tooling Strategy & Integration

Evaluate and select DevSecOps tools in alignment with enterprise architecture and security requirements. Define toolchain integration patterns, including:

o SCM, CI/CD, security scanners, artifact repositories, registries, monitoring, and logging platforms.

Drive automation for:

o Policy-as-code
o Compliance-as-code
o Security controls and guardrails

Ensure logging, monitoring, and alerting capabilities are integrated into pipelines and runtime environments (e.g., SIEM, APM, observability platforms).

5. Governance, Policy & Compliance

Define and enforce DevSecOps and Secure SDLC policies, standards, and best practices. Align DevSecOps architecture with regulatory and compliance requirements. Implement automated controls and checks to validate compliance in pipelines and environments.

6. Enablement, Training & Change Management

Act as a primary DevSecOps and Secure SDLC evangelist across the enterprise. Provide coaching, guidance, and hands-on support to development and operations teams in adopting new practices and tools. Create and maintain documentation, playbooks, and standards for pipelines, security controls, and patterns. Conduct training sessions, workshops, and brown-bag sessions on DevSecOps principles and secure coding practices.

7. Continuous Improvement & Innovation

Continuously review and improve the Software Factory model and DevSecOps framework based on feedback, metrics, and evolving threats. Stay current with emerging technologies, methodologies, and security risks in DevOps, cloud, and application security. Pilot and introduce new practices (e.g., chaos engineering, zero-trust principles in CI/CD, SBOM management, supply-chain security).

Required Qualifications

Bachelor's degree in Computer Science, Information Technology, Engineering, or related field (or equivalent experience). 8+ years of experience in software development, DevOps, or platform engineering roles. 3+ years of specialized experience in DevSecOps, Application Security, or Security Architecture. Proven experience designing and implementing enterprise-scale CI/CD pipelines and DevOps toolchains. Strong understanding of Secure SDLC concepts and frameworks (e.g., NIST SSDF, OWASP SAMM, OWASP Top 10, CWE).


Job Detail

  • Job Id: JD5073138
  • Industry: Not mentioned
  • Total Positions: 1
  • Job Type: Full Time
  • Salary: Not mentioned
  • Employment Status: Permanent
  • Job Location: MH, IN, India
  • Education: Not mentioned
  • Experience: Year