Lead DevSecOps Engineer

System One Holdings, LLC

$110K — $140K *
Finance & Insurance
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • 7+ years of hands-on experience in DevSecOps or security automation engineering in enterprise environments.
  • Deep experience with Jenkins: shared libraries, pipeline-as-code, credential management.
  • Proficiency with Bitbucket: branch permissions, PR workflows, webhook automation.
  • Strong knowledge of Artifactory: dependency management and security scanning.
  • Advanced skills in Python: REST API integrations and automation scripting.
  • Expertise in Ansible for OS/middleware remediations on both Linux and Windows.
  • Experience with Terraform: module writing and state management.

Responsibilities

  • Lead the integration of security into CI/CD pipelines and architect secure cloud environments.
  • Build and lead the DevSecOps engineering practice across multiple execution crews.
  • Own the Definition of Done for vulnerability remediation across all mnemonics.
  • Coach offshore engineers on specific security practices and pipeline standards.
  • Manage security and reliability of Jenkins pipelines for vulnerability remediation.
  • Develop Ansible playbooks and Terraform modules for infrastructure remediations.
  • Identify automation improvements to enhance operational efficiency.

Benefits

  • Health and welfare benefits including medical, dental, and vision coverage.
  • 401(k) plan participation options.
  • Life insurance and voluntary plans available.
  • Spending accounts for health-related expenses.
Full Job Description
Job Title: Lead DevSecOps Engineer

Location: Pittsburgh, PA

Responsibilities

  • Lead the integration of security into CI/CD pipelines, architect secure cloud environments, and guide teams in adopting modern DevSecOps practices to ensure a secure-by-design engineering approach across cloud and application platforms.
  • Build and lead the DevSecOps engineering practice across all three execution crews: Platform & Infra, Application/Data/Middleware, and Container & TRC.
  • Own the Definition of Done for vulnerability remediation across all 130 mnemonics, ensuring proper validation, closure, and compliance with Archer POAM closure requirements.
  • Coach offshore engineers on PNC-specific practices including Bitbucket branching standards, Jenkins pipeline security gates, PAC enforcement, and container security policies.
  • Manage the security and reliability of Jenkins pipelines used for vulnerability remediation automation, including implementing and maintaining security gates and reusable pipeline components.
  • Own Bitbucket repository structure, branching standards, and manage workflow configurations to enforce quality and security standards.
  • Implement and maintain client PAC policy rules governing vulnerability automation, ensuring compliance with security policies before execution.
  • Develop Ansible playbooks and Terraform modules for infrastructure remediations, ensuring automated compliance evidence generation for audits.
  • Own operations and health of vulnerability tools (Archer, Tanium, Sysdig, SecurityCenter, Imperva), maintaining integrations and ensuring correct alert processing and scan coverage.
  • Manage secrets via CyberArk, ensuring least-privilege access and integrating secrets management within pipelines.
  • Build and maintain a unified vulnerability SLA dashboard in Archer with real-time vulnerability data, along with automated weekly SLA reports.
  • Drive shift-left security practices within client application teams by embedding PAC checks and container security scans in the development pipeline.
  • Identify automation improvements to increase efficiency and contribute operational insights to improve AI/ML triage engines.


Requirements

  • 7+ years of hands-on DevSecOps or security automation engineering experience in enterprise environments.
  • Deep experience with Jenkins: shared libraries, pipeline-as-code, credential management, plugin administration, troubleshooting.
  • Proficiency with Bitbucket: branch permissions, PR workflows, webhook automation, Jenkins integration.
  • Strong knowledge of Artifactory: dependency management, artifact promotion, repository configuration, security scanning.
  • Advanced Python skills: REST API integrations, automation scripting, data pipeline code.
  • Expertise in Ansible: playbook creation for OS and middleware remediations on Linux and Windows.
  • Experience with Terraform: module writing, state management, change governance.
  • Familiarity with policy-as-code tools like OPA/Conftest and runtime enforcement.
  • REST API integrations with Archer GRC, ServiceNow, Jira.
  • Container operations: Docker, OpenShift/OCP, image management, container security.
  • Practical experience with vulnerability platforms: Archer GRC, Tanium, SecurityCenter.
  • Secrets management expertise, specifically CyberArk.
  • Understanding of banking/financial services environment, including CAB process, change windows, deployment governance, and audit requirements.


Preferred Qualifications

  • Familiarity with Converge, Micron framework, CaaS/OCP configurations, or BTI retail/lending mnemonic structures.
  • Sysdig operational experience for container vulnerability scanning and alert management.
  • Tanium endpoint detection and vulnerability data extraction.
  • AI/ML pipeline experience, including LangChain or similar AI agent integration.
  • Production-level Jira administration and Confluence documentation.


System One not only serves as a valued partner for our clients, but we offer eligible employees health and welfare benefits coverage options including medical, dental, vision, spending accounts, life insurance, voluntary plans, as well as participation in a 401(k) plan.

#M-

#LI-

Ref: #404-IT Pittsburgh

Similar Jobs

More Jobs at System One Holdings, LLC

More Finance & Insurance Jobs

Find similar Lead DevSecOps Engineer jobs: