Need - DevSecOps Lead ~ W2 Only

DevSecOps Lead (Architect)

Location: United States (remote; travel to customer sites as needed)

Type: Full-time

Team: Founding lead of a global team of 4 (Lead US 1 Senior UK 2 Seniors India)

Context

We build a Spring Boot microservices product deployed on-prem at enterprise customers. Engineering runs on Windows; Dev/QA CI/CD is on Azure DevOps with self-hosted Dev/QA servers. Today, server setup, deployments, and database/middleware (SQL Server, MongoDB, RabbitMQ) upgrades are all manual across Dev, QA, and customer production — and there is no monitoring or alerting in place. We are building a DevSecOps practice from the ground up to fix this.

What You Will Own

•     Define a standard reference architecture for customer on-prem deployments, with a small set of supported variations.

•     Automate server provisioning end-to-end — for self-hosted Dev/QA servers and for customer production environments — replacing today’s fully manual server setup with Infrastructure-as-Code (Terraform/Ansible/PowerShell DSC or equivalent).

•     Automate environment-to-environment software upgrades (application SQL Server MongoDB RabbitMQ) so that a release flows Dev → QA → customer production via pipelines, not manual steps.

•     Own Azure DevOps Pipelines for build, test, scan, package, release, and rollback.

•     Drive containerization maturity (Docker, Docker Compose, Kubernetes) and decide the right footprint for our product.

•     Bring creative automation ideas (self-service portals, ChatOps, GitOps, golden images, one-click installers for customer sites) and put governance around them — change control, approvals, audit trails, environment policies, role-based access.

•     Stand up monitoring and alerting across Dev, QA, and customer production (CPU/memory, service uptime, server health, DB growth, RabbitMQ queues).

•     Establish a security audit program: vulnerability scanning, SAST/DAST/SCA, image scanning, secrets management, server/DB/broker hardening.

•     Transition DevOps to a ticketing-based service model with defined SLAs; enforce structured intake; reduce direct-message-driven work.

•     Translate customer needs into technical requirements; act as the senior customer-facing technical voice for DevSecOps.

•     Hire, mentor, and lead the UK and India seniors; act in an interim product/strategy capacity until the team structure matures.

Must-Have

•     10 years in DevOps / DevSecOps / Infrastructure, with 3 years at architect or lead level.

•     Hands-on Azure DevOps Pipelines.

•     Deploying and operating Spring Boot (Java) microservices in production.

•     Strong Windows Server administration and PowerShell.

•     Infrastructure-as-Code (Terraform, Ansible, PowerShell DSC, or similar) for automated server provisioning.

•     SQL Server, MongoDB, RabbitMQ — automated deployments, upgrades, backups.

•     Containerization: Docker, Docker Compose, Kubernetes.

•     Security: vulnerability mgmt, SAST/DAST/SCA, image scanning, secrets vaults, hardening, audit readiness.

•     Monitoring/observability: PrometheGrafana, Azure Monitor, ELK, Datadog, or equivalent.

•     Setting up ticket-based service models and SLAs (Azure Boards, Jira Service Management, ServiceNow).

•     Customer-facing experience and willingness to travel.

•     Built a DevSecOps function from scratch.

•     Experience delivering enterprise software into on-prem customer environments.

Nice-to-Have

•     Certifications: AZ-400, CKA/CKS, CISSP.