About the Role

We are looking for a hands-on Principal DevSecOps Engineer to drive platform and DevSecOps enablement across a large-scale public-sector environment.

This role focuses on building, standardising, and enabling CI/CD, IaC, security, and observability practices so that product teams can build, release, and operate services independently and safely.

You will act as the technical nucleus of a DevSecOps Enablement Centre of Excellence (CoE) - shaping shared tooling, patterns, and ways of working. This is not a governance-only or documentation-heavy architecture role; you will be actively designing and implementing solutions alongside delivery teams.

What You'll Be Doing

Hands-on Platform & DevSecOps Enablement

• Design and implement standardised CI/CD pipelines, IaC modules, security checks, and observability patterns.
• Work directly with engineering teams through workshops, pairing, and implementation support.
• Enable teams to self-serve infrastructure and pipelines with clear guardrails.

Shared Engineering Assets

• Build and maintain reusable CI/CD templates, Terraform modules, Kubernetes patterns, and security policies.
• Establish opinionated but flexible defaults that scale across teams and products.

CI/CD Modernisation

• Lead migration and standardisation of pipelines (e.g. Jenkins → Azure DevOps).
• Implement gated approvals, automated testing, and integrated security scanning.

Operational Independence

• Define operating models that allow teams to build, release, and run their own services.
• Introduce SRE-aligned practices, SLAs, and observability standards.

Discovery & Planning

• Assess existing application and platform setups.
• Define pragmatic modernisation roadmaps covering tooling, pipelines, environments, and workflows.

Stakeholder Engagement

• Communicate technical decisions, trade-offs, and outcomes clearly to both technical and non-technical stakeholders.
• Work closely with architects, security teams, and platform teams to align standards and priorities.

CoE Leadership (Enablement-focused)

• Act as the technical anchor of a DevSecOps Enablement CoE.
• Mentor engineers and uplift engineering maturity across teams (no heavy line management expected).

Key Initiatives (First 6-9 Months)

• CI/CD pipelines with security and quality gates.
• Reusable IaC modules and Kubernetes deployment patterns.
• Self-service DevSecOps workflows with clear guardrails.
• Improved visibility into reliability, security posture, and cost drivers.
• Clear onboarding playbooks for teams adopting shared tooling.

What You'll Bring

Technical Expertise

• Strong hands-on experience with Azure DevOps, Terraform, Kubernetes (AKS/EKS), containerisation, and cloud networking.
• Experience building secure, compliant cloud platforms on Azure and/or AWS.

Operations & Security

• Solid understanding of Day-2 operations, observability (logs, metrics, traces), vulnerability management, and shift-left security practices.

Enablement Mindset

• Proven ability to standardise tooling while empowering teams rather than blocking them.
• Experience building reusable assets, templates, and playbooks.

Stakeholder Influence

• Able to explain complex technical concepts clearly and pragmatically.
• Comfortable influencing architecture and delivery decisions at programme or enterprise level.

Experience

• Minimum 7 years in IT / engineering roles.
• Experience operating as a senior engineer, principal engineer, or technical lead in complex environments.

GCC / WOG Experience (Highly Preferred)

• Experience working with Singapore Government Commercial Cloud (AWS / Azure) and associated guardrails.
• Familiarity with government DevSecOps platforms (e.g. SHIP-HATS 2.0, SGTS).
• Exposure to public-sector delivery environments with structured governance and compliance requirements.

Bonus Points

• Experience establishing DevSecOps or Platform Enablement CoEs.
• Designing CI/CD standards for microservices and APIs.
• Implementing basic FinOps practices and SRE-aligned operating models.
• Strong understanding of auditability and secure SDLC expectations in regulated environments.