Lead DevOps Engineer

Benefits

Additional Information

Lead DevOps Engineer WHAT MAKES US, US Join some of the most innovative thinkers in FinTech as we lead the evolution of financial technology. If you are an innovative, curious, collaborative person who embraces challenges and wants to grow, learn and pursue outcomes with our prestigious financial clients, say Hello to SimCorp! At its foundation, SimCorp is guided by our values - caring, customer success-driven, collaborative, curious, and courageous. Our people-centered organization focuses on skills development, relationship building, and client success. We take pride in cultivating an environment where all team members can grow, feel heard, valued, and empowered. If you like what we're saying, keep reading! WHY THIS ROLE IS IMPORTANT TO US As a Lead DevOps Engineer on the CRC DevOps team, you will design, develop, and maintain the automation frameworks that provision, configure, and manage Azure-hosted Windows infrastructure for SimCorp's Client Reporting clients. You will work across the full infrastructure lifecycle -- from initial environment builds through ongoing configuration management, security compliance, and operational automation. This is a hands-on engineering role with significant ownership over infrastructure tooling and automation. You will contribute to an active migration from legacy imperative scripting to declarative Desired State Configuration (DSC) patterns, develop and maintain Terraform-based infrastructure deployments, and build PowerShell modules and CI/CD pipelines that enable repeatable, consistent operations across all client environments. As a lead member of the team, you will help drive technical strategy and architectural decisions, mentor other engineers through design reviews and best-practice sharing, and be proactive in seeking out opportunities to increase the level of automation in the service. WHAT YOU WILL BE RESPONSIBLE FOR Infrastructure as Code Development Develop and maintain Terraform configurations for multi-stage Azure infrastructure deployments (networking, key vaults, platform resources, VMs, automation accounts, and SSO) Build and enhance PowerShell-driven Terraform generation pipelines that transform client XML configurations into deployment-ready Terraform JSON Manage Terraform state across 20+ client subscriptions Configuration Management and DSC Migration Drive the ongoing migration from legacy imperative PowerShell build scripts to declarative PowerShell Desired State Configuration (DSC) Develop custom DSC resource modules for Windows OS, SQL Server, IIS, Active Directory Group Policy, and application-specific configurations Build and maintain DSC "Merge" functions that transform client XML configuration data into structured inputs for DSC compilation Create role-based DSC configurations for server types including Domain Controllers, SQL Servers, IIS Servers, BPM Servers, and Application Servers PowerShell Module and Automation Development Design and develop modular PowerShell modules following established conventions (public/private function directories, manifest files, Allman brace style) Build Azure Automation runbooks for operational tasks such as health checks, credential rotation, backup management, and user provisioning Create and maintain Pester (v5) unit tests for modules, merge functions, and DSC configurations Enforce code quality through PSScriptAnalyzer rules and peer code review CI/CD Pipeline Engineering Develop and maintain Azure DevOps YAML pipelines for module builds, runbook publishing, Terraform deployments, DSC deployments, and client configuration processing Implement multi-stage deployment pipelines with approval gates and change detection Manage Azure DevOps Artifacts feeds for internal PowerShell module and runbook distribution Build automated testing and validation into pipeline workflows Investigate and resolve incidents impacting the code pipeline; implement and deploy fixes to recover from delivery issues Security and Compliance Manage Azure Key Vault configurations for credential storage, certificate management, and encryption key rotation (BitLocker, SQL TDE) Implement and maintain security controls including NSG rules, Check Point firewall policies, and SSL/TLS hardening Support SOC2 audit evidence collection and compliance requirements Manage cryptographic asset lifecycles including LetsEncrypt certificate automation and SQL asymmetric key rotation Implement data loss prevention policies and Windows security hardening via Group Policy Networking and Connectivity Manage hub-and-spoke VNet architecture with management network peering across all client subscriptions Configure and troubleshoot site-to-site VPN connections with client networks Work with Check Point firewall appliances for security policy, URL filtering, and intrusion prevention Manage Azure DNS zones and client AD-internal DNS configurations Collaboration and Knowledge Transfer Mentor and guide other engineers through design reviews, code review