Principal DevSecOps Engineer

Why Work for Us We Power the Nation. Make the most of your talents and develop products that can create impact on a national scale. We are an in-house software team, assembled to move with speed and deliver with quality. We Build Reliable Solutions. For Customers, Company and Country. You will be part of the Digital Technology Team and together, you will innovate, create, and deploy digital products that will empower more than 3,800 employees within SP Group and improve the quality of life for more than 1.7 million commercial, industrial and residential customers that SP Group serves. We build solutions that enable sustainable high-quality lifestyles and help consumers save energy and cost, as well as supporting national goals for a sustainable liveable city. Now, imagine the impact you can create. What You’ll Do Drive the strategy, improvement, and implementation of our DevSecOps practices across all engineering teams. Bridge the gap between development, operations, and security teams by fostering collaboration, aligning priorities, and ensuring seamless integration of security practices across the SDLC. Embed security by design throughout the entire software development lifecycle, from planning and development to release and operations, enabling teams to innovate securely and efficiently. Make strategic and technical decisions on cybersecurity priorities. Define, evangelize, and drive the multi-year DevSecOps strategy and roadmap for the entire engineering organization. Serve as the primary technical advisor and domain expert on all security-related matters for senior leadership and product teams. Architect and lead the development of foundational, self-service security platforms and services that empower engineering teams to build, test, and deploy secure applications at scale. Act as a hands-on architect, performing in-depth threat modeling, design reviews, and code reviews on mission-critical systems. Drive the adoption of new security technologies and methodologies by creating reusable patterns, frameworks, and reference architectures. Establish and manage a robust vulnerability management program, prioritizing and tracking the remediation of security findings. Design and build sophisticated security automation and tooling that scales with the company's growth, including advanced CI/CD pipeline security controls and automated vulnerability management systems. Solve the company’s most challenging security and scalability problems with elegant, scalable, and resilient solutions. Lead cross-functional initiatives involving multiple business units (e.g., Legal, Product, and Engineering) to ensure that security and compliance requirements are met proactively. Represent the engineering organization in company-wide security governance and risk management discussions. Mentor and coach senior engineers across the company, fostering a culture of security ownership and continuous improvement. Communicate complex cybersecurity risks and technical decisions to a wide range of stakeholders, from junior engineers to the C-suite. Act as a company-wide technical evangelist for security, delivering presentations and workshops to inspire a security-first mindset. Represent the organization in external forums such as industry conferences, open-source communities, and in the broader tech networks to promote secure engineering practices and support talent engagement What You’ll Need Minimum of 10 to 15 years of progressive experience in software engineering, DevOps, or cybersecurity, with a strong emphasis on driving large-scale security initiatives. Proven experience in a senior-level engineer or architect role, with a track record of driving significant, company-wide technical and cultural change. Demonstrated ability to architect, build, and secure complex cloud-native systems and microservices at scale. Expertise in designing and implementing secure CI/CD pipelines on platforms like GitLab CI, Jenkins, or GitHub Actions. Expertise in at least one major programming language (e.g., Python, Go, Java, or similar) with a focus on writing secure, maintainable code. Deep knowledge of cloud platforms (AWS, Azure, or GCP), their security services, and Infrastructure as Code (IaC) tools like Terraform. Mastery of containerization and orchestration technologies (Docker, Kubernetes) and their security best practices. Comprehensive understanding of the attacker\'s perspective and a deep knowledge of security tools and practices, including SAST, DAST, SCA, secrets management, and secrets scanning. Strong familiarity with major security frameworks and standards (e.g., OWASP Top 10, NIST, ISO 27001). Exceptional leadership and communication skills, with a proven ability to influence and guide stakeholders at all levels. Outstanding problem-solving and critical-thinking skills, with a knack for identifying the root cause of complex, ambiguous problems. High degree of adaptability, intellectual curiosity, and a continuous learning mindset. Certified Information Systems Security Professional (CISSP) is a plus. Azure/AWS Certified Security - Specialty, or other cloud-specific security certifications, are a plus. GIAC certifications (e.g., GWEB, GPEN, GCSA) are a plus. What We’ll Provide Opportunity to work on the cutting edge of digital engineering practices. Collaborative and fast-paced work environment. Be at the forefront of shaping our company's digital future. #J-18808-Ljbffr