Principal DevSecOps Engineer

About the position

The Principal DevSecOps Engineer is responsible for architecting and implementing comprehensive DevSecOps practices for a casino management system. This role requires a deep technical background in software development, security practices, and operations, focusing on creating secure, scalable, and efficient deployment pipelines. The engineer will lead cross-functional teams to integrate security throughout the software development lifecycle and guide the organization in adopting best practices.

Responsibilities

• Define, champion, and implement a robust DevSecOps strategy that aligns with business objectives, enhances operational efficiency, and ensures regulatory compliance.
• Architect CI/CD pipelines and DevSecOps frameworks that support rapid and reliable software delivery while embedding security at every stage of the development lifecycle.
• Drive the integration of advanced security practices into the development lifecycle, including threat modeling, automated security testing (SAST/DAST), and comprehensive vulnerability management.
• Lead the adoption of IaC tools (e.g., Terraform, AWS CloudFormation) to automate provisioning and management of secure infrastructure.
• Design and oversee secure deployment strategies for single and multi-tenant environments, ensuring optimal resource isolation and performance.
• Implement and optimize monitoring, logging, and alerting systems to ensure system reliability and security compliance.
• Develop incident response plans and security policies, fostering a proactive security culture.
• Partner with development, QA, and operations teams to drive a culture of security awareness and best practices in software development and deployment.
• Provide technical leadership and mentorship to DevSecOps teams, fostering professional growth and promoting a culture of innovation and continuous improvement.
• Establish and maintain comprehensive documentation of DevSecOps processes, standards, and best practices, ensuring alignment across teams.

Requirements

• Bachelor's or Master's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
• 10+ years of experience in software development, operations, and security, with at least 5 years in a principal or lead DevSecOps role, preferably in the gaming or casino industry.
• Expertise in CI/CD tools (e.g., Jenkins, GitLab CI, CircleCI) for automating build and deployment processes.
• Extensive experience with configuration management tools (e.g., Ansible, Chef, Puppet) for maintaining system configurations.
• Deep knowledge of containerization technologies (e.g., Docker, Kubernetes) and orchestration for deploying and managing applications at scale.
• Demonstrated experience with IaC tools (e.g., Terraform, AWS CloudFormation) for automating infrastructure provisioning and management.
• In-depth knowledge of security frameworks and tools, including SAST, DAST, and SIEM solutions.
• Strong experience with cloud services (e.g., AWS, Azure, Google Cloud) and their security configurations and best practices.
• Proficiency in scripting languages (e.g., Python, Bash, PowerShell) for automating workflows and integrations.
• Exceptional leadership, communication, and collaboration skills to influence and guide diverse teams and stakeholders.

Nice-to-haves

• Experience in the gaming or casino industry.
• Proven track record of driving cultural change within organizations, fostering a proactive approach to security and DevSecOps practices.