Job Description

About the Client

Our Client is a data and technology partner to the Financial Services Industry, with offices in Sydney, Melbourne, Wollongong, and Colombo, Sri Lanka. At its core, the organisation specialises in data-driven transformation and business optimisation. It partners with clients to transform business functions through the effective use of data and interoperability, offering a wide range of services and solutions.

About the Role

We are seeking a Team Lead / Associate Team Lead – DevSecOps to lead a team of engineers in integrating security across development and operations. This role focuses on building and scaling secure CI/CD pipelines, cloud environments, and application security practices through automation and strong governance.

In addition to DevSecOps leadership, experience in Security Operations (SOC), threat detection, and incident response will be highly beneficial. The role requires close collaboration with security teams to enhance the organisation's overall security posture and response capabilities.

Key Responsibilities

• Lead and mentor a team of DevSecOps engineers across cloud, application, and infrastructure security domains.
• Define and drive DevSecOps strategy, standards, and best practices across the organisation.
• Architect and oversee secure CI/CD pipelines, including SAST, DAST, SCA, container, and IaC scanning.
• Design and implement security solutions across Azure, AWS, and hybrid environments.
• Ensure secure Infrastructure as Code (IaC) practices using Terraform, ARM, or similar tools.
• Guide the implementation of container and Kubernetes security, including RBAC, network policies, and image scanning.
• Oversee secrets and identity management, including Azure Key Vault, AWS Secrets Manager, and IAM.
• Drive the automation of security processes, controls, and incident response integrations.
• Collaborate with DevOps, SOC, and engineering teams to embed security across the SDLC.
• Establish and monitor security KPIs, metrics, and reporting.
• Support and lead compliance initiatives such as SOC 2, ISO 27001, and CIS benchmarks.
• Align DevSecOps practices with threat detection and response strategies in coordination with SOC teams.
• Manage stakeholder and client engagements, providing technical leadership and guidance.

Requirements

• Team Lead: 6–8+ years of experience in DevOps, Security, or DevSecOps, including leadership experience.
• Associate Team Lead: 5+ years of experience with strong technical expertise and emerging leadership capabilities.
• Strong hands-on experience with CI/CD tools such as Azure DevOps, GitHub Actions, and Jenkins.
• Deep familiarity with cloud platforms (Azure and/or AWS) and security architecture.
• Strong experience with containerisation technologies such as Docker and Kubernetes.
• Proficiency in scripting (PowerShell, Python, Bash) and Infrastructure as Code (Terraform preferred).
• Strong understanding of application security (OWASP Top 10) and secure SDLC practices.
• Expertise in IAM, RBAC, Zero Trust, and network security principles.
• Proven experience in mentoring teams and managing technical projects.

Nice to Have (Highly Beneficial)

• Experience with security tools such as SonarQube, Snyk, Checkmarx, Prisma Cloud, or similar.
• Advanced experience in Kubernetes security and policy enforcement.
• Experience with policy-as-code tools such as OPA and Azure Policy.
• Hands-on experience with Azure Sentinel, Microsoft Defender suite, and Intune.
• Strong knowledge of KQL for threat detection and advanced analytics.
• Familiarity with Logic Apps or similar tools for security automation.
• Prior experience in Security Operations (SOC), incident response, or threat monitoring.
• Experience leading DevSecOps transformations or large-scale implementations.

Certifications

• Microsoft Cybersecurity Architect Expert
• Azure Solutions Architect Expert
• AWS Security Specialty
• CISSP, CKS, or equivalent

Interested candidates may send their CV to jobs@mindplus.global