Lead DevSecOps

Position: Lead - DevSecOps

Job Location: Hyderabad India

Department: Global Technology

Role Value Proposition

MetLife is offering an exciting opportunity to contribute to our digital and AI transformation journey. We are seeking an experienced technology leader to drive the transformation that will enable business results.

The DevSecOps Lead has the responsibility of leading and driving the DevSecOps practices to enable the delivery of high quality software in an Agile environment. This includes help define and implement the best practices in the process of development using CI/CD, putting right tollgates of quality, security and production deployments. The role will also be responsible for monitoring the compliance to Enterprise DevSecOps standards and continuous measurement of status and progress of each application in this area.

Key Responsibilities:

• People Management - Managing DevSecOps resources located in Inda, upskilling/reskilling, hiring and retention, including adoption of engineering culture
• Stakeholder Management Working with key technology stakeholders to deliver DevSecOps strategies and capabilities to support the digital transformation agenda.
• Ways of Working Adoption of the Agile ways of working in the software delivery lifecycle.
• E2E DevSecOps Lifecycle Management

1. Develop pipelines for build, deployment and delivery (CI/CD)
2. Help define DevSecOps Design at the Solution level.
3. Build new features/best practices in DevSecOps process to enhance CI/CD process and innovate on existing processes.
4. Responsibility for security, ensuring it is fully integrated into every stage of the development journey, continually delivering security throughout the software development and delivery process.
5. Lead the planning and documentation of complex CI/CD strategies based on customer needs.
6. Maintain DevSecOps pipelines and CI/CD configurations and perform reviews of the same.
7. Analyze and repair broken pipelines and failures.
8. Investigate, diagnose, and repair complex pipelines, testing bugs, and manage CI/CD reports.
9. Understand business processes at the Solution level to integrate industry best practices into DevSecOps process.
10. Tracks usage of DevSecOps practices across business units.

Candidate Qualifications - Essential Business Experience and Technical Skills:

Education:

Bachelor in Computer Science or equivalent

Experience

8+ years in leading DevSecOps teams to help drive the digital transformation in financial services or technology domain.

Developing and implementing DevSecOps practices using modern technology stack and patterns.

Familiarity with various CI/CD methodologies and their corresponding tools.

Proficiency in DevSecOps including CI/CD, automation, security best practices built into the process, continuous monitoring and Agile ways of working.

Strong experience in driving DevSecOps transformation

Proven track record in partnering with the business to support DevSecOps of mission critical transformation via Agile approach.

Skills and Competencies:

Competencies

Hands-on in DevSecOps

Proficient in defining CI/CD pipelines, security best practices, deployment best practices in cloud using Azure or equivalent public cloud.

DevSecOps Strategy: Align the Strategy with Agile Development Model and use relevant techniques such as blue green deployments, canary release, continuous security scanning etc. to implement scalable DevSecOps practices

Communication: Ability to influence and help communicate the organization's direction and ensure results are achieved

Collaboration: Proven track record of building collaborative partnerships and ability to operate effectively in a global environment

People Management: Inspiring, motivating and leading diverse and distributed teams

Diverse environment: Can-do attitude and ability to work in a high paced environment

Tech Stack

Development & Delivery Methods:

Agile (Scaled Agile Framework)

Languages and Scripting:

Java, Python, YAML, Groovy, Shell, awk, Ansible, Terraform

DevSecOps:

Azure DevOps, Jenkins, JFrog or Nexus, GitHub, Maven/Ant/Gradle

Security:

SonarQube, Veracode, Fortify

Container and Orchestration Platforms

Azure Kubernetes Services (AKS), Docker, Spring boot

Release and Monitoring Tools and Methodologies:

Blue Green Deployment, Canary release, Splunk, AppDynamics