Lead DevSecOps Engineer

Job Title: Lead DevSecOps Engineer
Location: Strongsville, OH
Type: Fulltime

Responsibilities

• Lead the integration of security into CI/CD pipelines, architect secure cloud environments, and guide teams in adopting modern DevSecOps practices to ensure a secure-by-design engineering approach across cloud and application platforms.
• Build and lead the DevSecOps engineering practice across all three execution crews: Platform & Infra, Application/Data/Middleware, and Container & TRC.
• Own the Definition of Done for vulnerability remediation across all 130 mnemonics, ensuring proper validation, closure, and compliance with Archer POAM closure requirements.
• Coach offshore engineers on PNC-specific practices including Bitbucket branching standards, Jenkins pipeline security gates, PAC enforcement, and container security policies.
• Manage the security and reliability of Jenkins pipelines used for vulnerability remediation automation, including implementing and maintaining security gates and reusable pipeline components.
• Own Bitbucket repository structure, branching standards, and manage workflow configurations to enforce quality and security standards.
• Implement and maintain client PAC policy rules governing vulnerability automation, ensuring compliance with security policies before execution.
• Develop Ansible playbooks and Terraform modules for infrastructure remediations, ensuring automated compliance evidence generation for audits.
• Own operations and health of vulnerability tools (Archer, Tanium, Sysdig, SecurityCenter, Imperva), maintaining integrations and ensuring correct alert processing and scan coverage.
• Manage secrets via CyberArk, ensuring least-privilege access and integrating secrets management within pipelines.
• Build and maintain a unified vulnerability SLA dashboard in Archer with real-time vulnerability data, along with automated weekly SLA reports.
• Drive shift-left security practices within client application teams by embedding PAC checks and container security scans in the development pipeline.
• Identify automation improvements to increase efficiency and contribute operational insights to improve AI/ML triage engines.

Requirements

• 7+ years of hands-on DevSecOps or security automation engineering experience in enterprise environments.
• Deep experience with Jenkins: shared libraries, pipeline-as-code, credential management, plugin administration, troubleshooting.
• Proficiency with Bitbucket: branch permissions, PR workflows, webhook automation, Jenkins integration.
• Strong knowledge of Artifactory: dependency management, artifact promotion, repository configuration, security scanning.
• Advanced Python skills: REST API integrations, automation scripting, data pipeline code.
• Expertise in Ansible: playbook creation for OS and middleware remediations on Linux and Windows.
• Experience with Terraform: module writing, state management, change governance.
• Familiarity with policy-as-code tools like OPA/Conftest and runtime enforcement.
• REST API integrations with Archer GRC, ServiceNow, Jira.
• Container operations: Docker, OpenShift/OCP, image management, container security.
• Practical experience with vulnerability platforms: Archer GRC, Tanium, SecurityCenter.
• Secrets management expertise, specifically CyberArk.
• Understanding of banking/financial services environment, including CAB process, change windows, deployment governance, and audit requirements.

Preferred Qualifications

• Familiarity with Converge, Micron framework, CaaS/OCP configurations, or BTI retail/lending mnemonic structures.
• Sysdig operational experience for container vulnerability scanning and alert management.
• Tanium endpoint detection and vulnerability data extraction.
• AI/ML pipeline experience, including LangChain or similar AI agent integration.
• Production-level Jira administration and Confluence documentation.

System One, and its subsidiaries including Joulé and Mountain Ltd., are leaders in delivering outsourced services and workforce solutions across North America. We help clients get work done more efficiently and economically, without compromising quality. System One not only serves as a valued partner for our clients, but we offer eligible employees health and welfare benefits coverage options including medical, dental, vision, spending accounts, life insurance, voluntary plans, as well as participation in a 401(k) plan.

System One is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, age, national origin, disability, family care or medical leave status, genetic information, veteran status, marital status, or any other characteristic protected by applicable federal, state, or local law.

#M-
#LI-
Ref: #404-IT Pittsburgh

System One, and its subsidiaries including Joulé, ALTA IT Services, TeamPeople, and Mountain Ltd., are leaders in delivering outsourced services and workforce solutions across North America. We help clients get work done more efficiently and economically, without compromising quality. System One not only serves as a valued partner for our clients, but we offer eligible employees health and welfare benefits coverage options including medical, dental, vision, spending accounts, life insurance, voluntary plans, as well as participation in a 401(k) plan.

System One is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, age, national origin, disability, family care or medical leave status, genetic information, veteran status, marital status, or any other characteristic protected by applicable federal, state, or local law.