Cloud DevSecOps Engineer

**Job Summary:** Synechron is seeking an experienced Cloud DevSecOps Engineer to embed security into cloud delivery pipelines and operational workflows. This role will focus on enabling secure, automated, and scalable cloud deployments within a shared responsibility model. The successful candidate will develop and maintain secure CI/CD pipelines, integrate security controls, and support cloud automation initiatives. This position plays a key role in ensuring that security and operational excellence are integral to our cloud transformation efforts, contributing to reliable and compliant cloud environments that support our business objectives. **Software Requirements:** * Required: + Git and GitHub/GitLab (version control and peer review workflows) + Infrastructure\-as\-Code tools (Terraform, Bicep, ARM templates) + CI/CD tools (Azure DevOps, Jenkins, GitHub Actions) + Security tools (Static Application Security Testing—SAST, Dynamic Application Security Testing—DAST, IaC scanning tools such as Checkov or tfsec) + Secrets management systems (Azure Key Vault, HashiCorp Vault) * Preferred: + Cloud security and compliance monitoring tools (Azure Security Center, AWS Security Hub) + Container orchestration (Kubernetes, AKS) + Configuration management tools (Ansible, Chef, Puppet) **Overall Responsibilities:** * Design, build, and continuously improve secure CI/CD pipelines integrated with security controls such as code scanning, secrets management, and infrastructure scanning. * Automate cloud infrastructure provisioning and deployment using Infrastructure as Code (IaC). * Embed security practices like vulnerability scanning, secrets management, and compliance validation into delivery workflows ("shift\-left" security). * Establish and promote standardized deployment patterns to improve reliability and operational risk mitigation. * Support application teams with automation initiatives, cloud migrations, and performance optimization. * Collaborate with platform, security, and operations teams to enhance security posture, pipeline integrity, and operational efficiency. * Monitor pipeline and platform security, troubleshoot issues, and implement continuous improvement processes. **Technical Skills (By Category):** *Programming Languages:* * Required: Bash, PowerShell scripting * Preferred: Python, YAML, Groovy *Databases/Data Management:* * Not typically core; familiarity with cloud\-native database security best practices (e.g., Azure SQL, Cosmos DB) is advantageous *Cloud Technologies:* * Required: Azure cloud services, especially Azure DevOps, Azure Security Center, Key Vault, AKS, and other Azure infrastructure components * Preferred: Multi\-cloud awareness (AWS, GCP) and hybrid cloud integrations *Frameworks and Libraries:* * Not applicable; focus on automation tools and security frameworks *Development Tools and Methodologies:* * Required: Git, Azure DevOps, Jenkins, GitLab, CI/CD pipeline design, Agile/Scrum practices * Preferred: GitOps principles, Infrastructure as Code practices, DevSecOps frameworks *Security Protocols:* * Required: Security best practices in cloud environments, secrets management, access controls, vulnerability scanning, compliance standards (ISO, SOC, GDPR, etc.) * Preferred: Implementation of security guardrails, API security, and automated compliance validation **Experience Requirements:** * 5 to 6 years of hands\-on experience in cloud engineering and DevOps/SecOps roles * Proven expertise in building and managing secure automation pipelines in cloud environments, especially Azure * Deep understanding of CI/CD principles, GitOps, and infrastructure as code * Experience integrating security controls such as code scans, IaC scans, secrets management, and compliance checks into automated workflows * Industry experience in regulated sectors or enterprise\-scale cloud deployments highly preferred * Alternative pathways include extensive DevOps experience in other cloud providers coupled with strong Azure security proficiency **Day\-to\-Day Activities:** * Develop, implement, and optimise secure CI/CD pipelines aligned with best practices and governance standards * Automate cloud infrastructure deployment using IaC, ensuring security and compliance are embedded from the start * Conduct security assessments of pipelines, identify vulnerabilities, and implement mitigation strategies * Collaborate with development teams for automation, migrations, and operational enhancements * Participate in security reviews, continuous improvement initiatives, and incident troubleshooting sessions * Maintain documentation of pipeline configurations, security controls, and deployment standards * Regularly review pipeline practices to enhance reliability, security, and operational efficiency **Qualifications:** * Bachelor’s degree in Computer Science, Information Technology, or related field; equivalent professional experience acceptable * Certifications such as Certified DevSecOps Engineer, Azure Security Engineer Associate, or equivalents are preferred * Formal training or certifications in cloud security, infrastructure as code, or related disciplines are advantageous * Commitment to ongoing learning and staying current with DevSecOps best practices and cloud security advancements **Professional Competencies:** * Analytical mindset with strong problem\-solving skills * Leadership in advocating security best practices across teams * Effective oral and written communication, with the ability to explain complex concepts clearly * Collaborative team player with a proactive, accountable mindset * Adaptability to evolving security threats, technologies, and operational requirements * Innovation\-driven approach to automating security and operational workflows * Excellent time management, prioritizing tasks to meet project deadlines and operational needs ***S*** ***YNECHRON’S DIVERSITY \& INCLUSION STATEMENT*** Diversity \& Inclusion are fundamental to our culture, and Synechron is proud to be an equal opportunity workplace and is an affirmative action employer. Our Diversity, Equity, and Inclusion (DEI) initiative ‘Same Difference’ is committed to fostering an inclusive culture – promoting equality, diversity and an environment that is respectful to all. We strongly believe that a diverse workforce helps build stronger, successful businesses as a global company. We encourage applicants from across diverse backgrounds, race, ethnicities, religion, age, marital status, gender, sexual orientations, or disabilities to apply. We empower our global workforce by offering flexible workplace arrangements, mentoring, internal mobility, learning and development programs, and more. All employment decisions at Synechron are based on business needs, job requirements and individual qualifications, without regard to the applicant’s gender, gender identity, sexual orientation, race, ethnicity, disabled or veteran status, or any other characteristic protected by law. Candidate Application Notice