Design and maintain integrations across development, CI/CD, security, and workflow tools to ensure seamless and auditable pipelines.
Embed security controls and automation across CI/CD pipelines consistent with DevSecOps principles.
Partner with application security and risk teams to operationalize policies for Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA).
Provide technical leadership across all stages of the SDLC, including design, development, testing, release and maintenance.
Define and promote best practices, technology standards, and engineering standards for the Development Architecture and DevOps team.
Develop and deliver training, documentation, and hands-on enablement for development and security tooling.
Collaborate with Architecture, Infrastructure, Security and Risk teams to align tooling with enterprise standards.
Act as a trusted advisor and mentor to development teams, providing guidance on secure coding practices, pipeline security, and modern DevOps practices, and assisting in the remediation of security findings.
Support audits and regulatory reviews by providing evidence, documentation, and tool transparency.
Evaluate new tools and capabilities, providing recommendations based on risk, scalability, and business value.
Requirements
10+ years of experience in software engineering, DevOps, or platform engineering roles.
Bachelor's degree in a related field required; Master's or MBA in a related field preferred.
Strong hands-on experience administering enterprise development platforms such as Azure DevOps and/or GitHub Enterprise.
Proven expertise with application security tooling, including SAST, DAST, and SCA solutions (SonarQube, Invicti, GitHub Advanced Security preferred).
Deep understanding of the software development lifecycle (SDLC) and DevSecOps best practices.
Proficiency in Git, including branching strategies and pull request best practices.
An objective mindset that can think 'enterprise first' and remain unbiased toward any specific technology or vendor choice, with decisions made based on data, analysis, and POC results.
Advanced to expert experience in leading cross-functional teams and managing multiple projects simultaneously. Demonstrated ability to mentor, train, and influence engineers across multiple teams.
Advanced to expert familiarity with the capability model across IT and the applications and infrastructures available for engagement in solutioning across the bank to develop results that leverage existing capabilities in addition to implementing new solutions when required.
Expert documentation and communication skills, with the ability to translate complex technical topics for broad audiences.
Experience with the following tools and technologies is preferred: Atlassian Confluence, LucidChart, Ansible, Terraform, Kubernetes.
Advanced to expert knowledge of regulatory frameworks such as SOX, FFIEC, NIST, or similar is preferred.
Advanced knowledge operating in a regulated or financial services enviro
Additional Information
Job Title:
Principal Engineer II - DevOps Development Architecture
Location:
Block 23