DevSecOps Lead

6 - 10 years

20 - 30 Lacs

Posted: 1 hour ago | Platform: Naukri

Work Mode

Work from Office

Job Type

Full Time

Job Description

The DevSecOps Lead will be responsible for setting up and institutionalizing the IIFL Finance DevSecOps practice across all technology domains. This role will define the standards, guardrails, and toolchains for secure software delivery in hybrid environments (Azure cloud and on-prem).

The DevSecOps Lead will ensure that every stage of the SDLC (from planning to coding, building, testing, releasing, and operating) is automated, secure by design, and auditable. The role will partner with SRE, cybersecurity, risk, and application engineering teams to balance delivery velocity with security and compliance, while enabling modern digital practices such as frequent releases, zero downtime, and continuous security validation.

Key Responsibilities

  • Establish the DevSecOps charter, operating model, and governance structure for IIFL Finance platforms
  • Define and enforce security, compliance, and quality gates across CI/CD pipelines in hybrid environments
  • Manage enterprise toolchains including GitLab Ultimate, GitHub Advanced Security, Jenkins, SonarQube, SAST/DAST, IaC scanning, and container scanning in collaboration with SI and vendor partners
  • Embed automated vulnerability management, dependency scanning, policy as code, and secrets detection into delivery pipelines
  • Drive integration of regulatory requirements (RBI, CERT-IN, DPDP, etc.) directly into DevSecOps workflows to ensure audit readiness
  • Partner with SRE teams to align pipeline telemetry with observability and reliability dashboards
  • Set up Infrastructure as Code practices using Terraform, Ansible, and Helm with embedded guardrails for secure, consistent, and compliant provisioning
  • Lead cultural change by coaching development squads to adopt secure coding practices and automation-first delivery
  • Define KPIs and dashboards to measure DevSecOps maturity, security posture, and pipeline health
  • Serve as escalation and decision authority for pipeline failures, security exceptions, and toolchain adoption conflicts

Team Dedication – Key Skills

Domain Expertise

  • Expertise in CI/CD platforms such as GitLab, GitHub, Jenkins, and Azure DevOps with advanced pipeline design and scaling in hybrid environments
  • Ability to integrate security tooling including SAST, DAST, IaC scanning, container scanning, dependency management, and automated vulnerability remediation
  • Knowledge of Infrastructure as Code tools such as Terraform, Ansible, and Helm with embedded compliance and governance controls
  • Experience in hybrid delivery models across Azure DevOps pipelines, AKS clusters, and on-prem CI/CD runners
  • Experience in policy-as-code frameworks such as OPA or Sentinel to enforce guardrails across pipelines and infrastructure provisioning
  • Strong understanding of secure coding and quality practices including OWASP Top 10 and secure SDLC standards
  • Compliance engineering skills to embed RBI, CERT-IN, PCI DSS, and DPDP requirements directly into pipelines and audit logs

Mindset and Behavior

  • Security-first leadership with focus on embedding compliance and risk management into delivery processes
  • Automation-driven mindset that eliminates manual approvals and security checks through automated controls
  • Change agent who drives adoption of security as part of delivery rather than as an afterthought
  • Risk-balanced decision-making that accounts for both speed of delivery and assurance of security
  • Collaborative leadership style with ability to influence developers, SRE, InfoSec, audit, and vendor partners

Individual Skills

  • Strong technical leadership to set standards, define guardrails, and ensure adoption across teams
  • Problem-solving skills for pipeline failures, toolchain integration issues, and vulnerability remediation
  • Governance and reporting expertise to build dashboards and compliance maturity models for CXOs and regulators
  • Vendor and SI management capabilities to ensure successful onboarding, licensing, and optimization of DevSecOps toolchains
  • Clear communication skills to translate technical practices into business outcomes for leadership and regulators

Agile / Digital Experience

  • Experience embedding DevSecOps practices in agile squads with security and compliance integrated into backlog and sprint planning
  • Use of DORA metrics and security KPIs to measure pipeline maturity and drive continuous improvement
  • Hands-on experience integrating DevSecOps pipelines into ITSM platforms such as ServiceNow or Jira Service Management for end-to-end incident and change management
  • Ability to scale pipelines to support microservices, APIs, mobile applications, and core banking workloads simultaneously
