Director of DevOps & Security (DevSecOps)

Our technology organization is seeking a Director of DevOps & Security (DevSecOps) to lead the strategy, architecture, and operational execution of secure software delivery across our platform.

This leader will own the intersection of DevOps, cloud infrastructure, application security, and compliance, ensuring that engineering teams can ship secure, scalable, and highly reliable software in a regulated healthcare environment.

This role is ideal for a hands-on technical leader who understands how to scale modern engineering organizations while embedding security, compliance, and operational excellence directly into the delivery pipeline.

You will lead the transformation toward DevSecOps maturity, building automated, self-service platforms that allow developers to move quickly while maintaining strong governance and security posture.

What You’ll Own

DevOps & Platform Engineering Strategy

Lead the design and evolution of the organization’s cloud-native platform and DevOps ecosystem.

You will:

• Build scalable self-service infrastructure platforms that accelerate developer productivity
• Establish enterprise standards for CI/CD, infrastructure automation, and environment management
• Create “paved road” engineering platforms that balance speed, governance, and consistency
• Drive adoption of modern DevOps practices across engineering teams

Your mission is to make secure delivery the easiest path for developers.

Security Leadership & DevSecOps Integration

Security is a core pillar of this role.

You will lead the strategy and execution of application security, cloud security, and DevSecOps practices, embedding security directly into engineering workflows.

Responsibilities include:

• Defining security standards and governance across engineering and cloud environments
• Integrating security-by-design and shift-left security practices into development pipelines
• Driving adoption of modern DevSecOps tooling and automation
• Partnering with compliance, risk, and leadership teams to maintain a strong security posture

The goal is to build a secure-by-default engineering ecosystem where security becomes a built-in capability rather than a bottleneck.

Secure Software Delivery (SSDLC)

You will establish and operationalize a modern Secure Software Development Lifecycle.

This includes implementing automated security controls such as:

• Static Application Security Testing (SAST)
• Dynamic Application Security Testing (DAST)
• Software Composition Analysis (SCA)
• Container and artifact scanning
• Infrastructure-as-Code security validation
• Secrets management and encryption best practices

You will also define secure patterns for handling sensitive healthcare and regulated data.

Cloud Infrastructure & Microsoft Ecosystem

This role provides technical leadership across Microsoft cloud environments, including infrastructure, identity, and security architecture.

You will guide best practices for:

• Cloud architecture and resiliency
• Infrastructure-as-Code automation
• Identity and access management using modern zero-trust principles
• Network segmentation and cloud security architecture

Your work ensures the platform meets the demands of regulated healthcare technology systems while maintaining reliability and scalability.

CI/CD, Automation & Compliance Engineering

You will oversee the organization’s continuous integration and delivery platforms, enabling engineering teams to deliver software safely and efficiently.

Key priorities include:

• Standardizing build, test, and deployment pipelines
• Automating security checks and policy enforcement
• Embedding compliance controls directly into pipelines
• Reducing manual operational processes through automation

The result is a high-trust engineering environment where delivery velocity and compliance can coexist.

Observability, Reliability & Incident Response

You will define enterprise standards for monitoring, logging, and operational visibility across production environments.

Responsibilities include:

• Establishing modern observability practices
• Leading incident management and response processes
• Implementing reliability metrics aligned with SRE principles
• Driving continuous improvement through post-incident reviews

Key metrics include deployment reliability, recovery time, and system availability.

Infrastructure Operations & Service Reliability

This leader is accountable for the operational reliability of internal technology services and infrastructure.

You will oversee:

• Infrastructure service delivery and operational support
• Incident response and escalation management
• Service level agreements and operational performance metrics
• Continuous improvement of infrastructure services

You will also help establish clear operational frameworks for incident severity, response workflows, and on-call processes.

Leadership & Team Development

This role leads and mentors teams responsible for DevOps, platform engineering, and security operations.

You will:

• Build high-performing DevOps and security teams
• Partner closely with engineering leadership
• Foster a culture where security enables innovation rather than slowing it down
• Drive initiatives that improve platform maturity and developer experience

You will serve as a trusted technical advisor to both engineering leadership and executive stakeholders.

What We’re Looking For

We’re seeking a leader who combines deep technical expertise with strong operational leadership.

Required Experience

• 8+ years in DevOps, DevSecOps, Security Engineering, or Platform Engineering
• 5+ years leading technical teams responsible for infrastructure, security, or delivery platforms
• Hands-on expertise in modern cloud and DevOps ecosystems
• Experience operating within regulated healthcare or compliance-driven environments
• Strong understanding of secure software delivery and cloud security architecture

Technical Strengths

Candidates should have strong experience with:

• Cloud infrastructure and modern platform architecture
• CI/CD systems and automation pipelines
• Infrastructure-as-Code and platform automation
• Identity, access management, and security frameworks
• Observability, reliability engineering, and incident management

What Success Looks Like

Success in this role means building a platform where:

• DevOps and Security operate as one integrated engineering function
• Security and compliance are automated and embedded into engineering workflows
• Developers can ship secure, compliant software quickly and confidently
• The platform scales to support growth in modern healthcare technology systems
• Security posture improves continuously without slowing engineering delivery