DevOps Engineer

Role Summary

Work with us to build modern Insurtech AI underpinned solutions, we are a growing team of hands on architects striving to build high quality solutions for our internal and external customers. The DevSecOps Engineer implements and maintains CI/CD pipelines, infrastructure automation, and security controls across the Xceedance insurance ecosystem. This role combines software development, operations, and security expertise to enable rapid, secure, and reliable software delivery with emphasis on shift-left security practices and automation using Microsoft Azure as the primary platform.

Key Responsibilities

CI/CD Pipeline Development - Designs and implements comprehensive CI/CD pipelines using Azure DevOps Pipelines, GitHub Actions, and GitLab CI automating build, test, security scanning, and deployment processes. Creates pipeline-as-code using YAML ensuring version control, peer review, and repeatability. Implements multi-stage pipelines supporting development, testing, staging, and production environments with appropriate quality gates and approval workflows. Designs pipeline templates and reusable components accelerating pipeline creation across teams while ensuring consistency and best practices. Integrates automated testing including unit tests, integration tests, end-to-end tests, and performance tests within pipelines ensuring quality before deployment.

Infrastructure as Code & Automation - Automates infrastructure provisioning using Terraform for multi-cloud deployments, Azure Bicep for Azure-native resources, ARM templates for complex Azure configurations, and Pulumi for developer-friendly infrastructure definitions. Implements GitOps workflows ensuring all infrastructure changes are version controlled, reviewed, and traceable. Designs modular, reusable infrastructure code with parameterization supporting multiple environments and configurations. Implements infrastructure testing validating configurations before deployment using tools like Terratest and policy validation frameworks. Creates self-service infrastructure provisioning enabling development teams to request resources through standardized templates while maintaining governance and cost control.

Container Orchestration & Management - Implements containerization strategies using Docker for application packaging ensuring consistency across environments. Designs Kubernetes deployments, services, config maps, secrets, and persistent volume configurations supporting stateless and stateful applications. Creates Helm charts for application packaging and deployment enabling version management and configuration templating. Implements Kubernetes security best practices including pod security policies, network policies, RBAC, and secrets management. Designs container image pipelines including building, scanning, signing, and publishing to container registries (Azure Container Registry, Harbor). Implements container monitoring and logging collecting metrics and logs from containerized applications.

Security Integration & Shift-Left - Integrates security scanning tools into CI/CD pipelines including static application security testing (SAST) using SonarQube and Checkmarx, dynamic application security testing (DAST), software composition analysis (SCA) using Snyk and WhiteSource for vulnerability scanning, and infrastructure scanning using Checkov and Terrascan. Implements container image scanning detecting vulnerabilities in base images and application dependencies before deployment. Integrates secrets scanning preventing hardcoded credentials, API keys, and certificates from being committed to source control. Implements security quality gates blocking deployments failing security thresholds ensuring vulnerabilities are addressed before production. Creates security dashboards and reports providing visibility into security posture across applications and infrastructure.

Cloud Infrastructure Management - Manages Azure infrastructure including compute (Virtual Machines, App Services, AKS), networking (Virtual Networks, Load Balancers, Application Gateway), storage (Blob Storage, Azure Files), and platform services. Implements infrastructure monitoring using Azure Monitor, Log Analytics, and Application Insights collecting metrics, logs, and traces. Designs auto-scaling configurations optimizing resource utilization based on demand patterns. Implements disaster recovery and backup strategies ensuring business continuity. Manages cost optimization implementing resource tagging, right-sizing recommendations, and reserved instance planning.

Observability & Monitoring - Implements comprehensive monitoring solutions collecting infrastructure metrics, application performance data, and business metrics. Designs logging strategies centralizing logs from applications, containers, and infrastructure using Azure Log Analytics, ELK stack, or Splunk. Implements distributed tracing for microservices using Azure Application Insights, Jaeger, or Tempo enabling end-to-end request tracking. Creates dashboards and visualizations using Grafana or Azure Dashboard providing real-time visibility into system health. Configures alerting and notification systems triggering automated responses or escalations based on metric thresholds and anomaly detection.

Deployment Strategies & Release Management - Implements advanced deployment strategies including blue/green deployments for zero-downtime releases, canary deployments gradually rolling out changes, and progressive delivery using feature flags. Designs rollback mechanisms enabling quick recovery from problematic deployments. Implements approval workflows for production deployments ensuring change control and auditability. Creates deployment automation reducing manual intervention and human error. Establishes deployment metrics tracking deployment frequency, lead time, change failure rate, and mean time to recovery (DORA metrics).

Configuration Management & Secrets - Implements configuration management using Azure App Configuration, environment variables, and configuration files supporting different environments without code changes. Designs secrets management using Azure Key Vault, HashiCorp Vault, or AWS Secrets Manager protecting sensitive information including database passwords, API keys, and certificates. Implements secret rotation policies ensuring credentials are regularly updated. Creates access controls restricting secret access to authorized services and personnel. Implements audit logging tracking secret access and modifications.

Collaboration & Support - Collaborates with development teams, QA teams, security teams, and operations teams implementing DevSecOps practices across the organization. Provides training and documentation helping teams adopt CI/CD pipelines and infrastructure automation. Troubleshoots pipeline failures, deployment issues, and infrastructure problems providing timely resolution. Participates in incident response investigating outages and implementing preventive measures. Conducts post-mortems analyzing incidents and driving continuous improvement.

Automation & Scripting - Develops automation scripts using PowerShell, Bash, Python, and Go automating repetitive operational tasks. Creates tools and utilities improving developer productivity and operational efficiency. Implements ChatOps integrations enabling teams to interact with infrastructure and deployments through chat platforms. Automates compliance checks and reporting reducing manual audit effort.

Required Skills

• CI/CD: Azure DevOps Pipelines, GitHub Actions, GitLab CI, Jenkins

• Infrastructure as Code: Terraform, Bicep, ARM templates, Pulumi

• Containers: Docker, Kubernetes, Helm charts

• Security: Security scanning tools (SonarQube, Checkmarx, Snyk)

Required Experience

Five or more years in DevOps, systems engineering, or software development with three years implementing CI/CD pipelines and infrastructure automation. Hands-on experience with Azure DevOps and GitHub Actions building production pipelines. Proven track record automating infrastructure using Terraform or Bicep managing cloud resources at scale. Experience with container technologies including Docker and Kubernetes deploying containerized applications.

Evidence of integrating security tools into pipelines implementing shift-left security practices. Experience troubleshooting production issues, participating in incident response, and implementing reliability improvements. Preference for candidates with insurance or financial services experience understanding regulatory compliance requirements.

Required Certifications

Microsoft Certified: Azure DevOps Engineer Expert (AZ-400), Microsoft Certified: Azure Administrator Associate (AZ-104). Valuable additions: AWS Certified DevOps Engineer - Professional, Certified Kubernetes Administrator (CKA), HashiCorp Certified Terraform Associate, Certified Kubernetes Security Specialist (CKS).

Key Competencies

Automation Mindset - Identifying opportunities for automation, reducing manual processes, improving efficiency, and enabling self-service capabilities.

Security Awareness - Understanding security principles, implementing security controls, detecting vulnerabilities, and promoting security-first culture.

Problem Solving - Troubleshooting complex issues, analyzing root causes, implementing permanent fixes, and preventing recurrence.

Collaboration - Working effectively with cross-functional teams, sharing knowledge, documenting processes, and promoting DevSecOps practices across organization.