About the Role
We are looking for a hands-on Principal DevSecOps Engineer to drive platform and DevSecOps enablement across a large-scale public-sector environment.
This role focuses on building, standardising, and enabling CI/CD, IaC, security, and observability practices so that product teams can build, release, and operate services independently and safely.
You will act as the technical nucleus of a DevSecOps Enablement Centre of Excellence (CoE) - shaping shared tooling, patterns, and ways of working. This is not a governance-only or documentation-heavy architecture role you will be actively designing and implementing solutions alongside delivery teams.
What You'll Be Doing
Hands-on Platform & DevSecOps Enablement
- Design and implement standardised CI/CD pipelines, IaC modules, security checks, and observability patterns.
- Work directly with engineering teams through workshops, pairing, and implementation support.
- Enable teams to self-serve infrastructure and pipelines with clear guardrails.
Shared Engineering Assets
- Build and maintain reusable CI/CD templates, Terraform modules, Kubernetes patterns, and security policies.
- Establish opinionated but flexible defaults that scale across teams and products.
CI/CD Modernisation
- Lead migration and standardisation of pipelines (e.g. Jenkins Azure DevOps).
- Implement gated approvals, automated testing, and integrated security scanning.
Operational Independence
- Define operating models that allow teams to build, release, and run their own services.
- Introduce SRE-aligned practices, SLAs, and observability standards.
Discovery & Planning
- Assess existing application and platform setups.
- Define pragmatic modernisation roadmaps covering tooling, pipelines, environments, and workflows.
Stakeholder Engagement
- Communicate technical decisions, trade-offs, and outcomes clearly to both technical and non-technical stakeholders.
- Work closely with architects, security teams, and platform teams to align standards and priorities.
CoE Leadership (Enablement-focused)
- Act as the technical anchor of a DevSecOps Enablement CoE.
- Mentor engineers and uplift engineering maturity across teams (no heavy line management expected).
Key Initiatives (First 6-9 Months)
- CI/CD pipelines with security and quality gates.
- Reusable IaC modules and Kubernetes deployment patterns.
- Self-service DevSecOps workflows with clear guardrails.
- Improved visibility into reliability, security posture, and cost drivers.
- Clear onboarding playbooks for teams adopting shared tooling.
What You'll Bring
Technical Expertise
- Strong hands-on experience with Azure DevOps, Terraform, Kubernetes (AKS/EKS), containerisation, and cloud networking.
- Experience building secure, compliant cloud platforms on Azure and/or AWS.
Operations & Security
- Solid understanding of Day-2 operations, observability (logs, metrics, traces), vulnerability management, and shift-left security practices.
Enablement Mindset
- Proven ability to standardise tooling while empowering teams rather than blocking them.
- Experience building reusable assets, templates, and playbooks.
Stakeholder Influence
- Able to explain complex technical concepts clearly and pragmatically.
- Comfortable influencing architecture and delivery decisions at programme or enterprise level.
Experience
- Minimum 7 years in IT / engineering roles.
- Experience operating as a senior engineer, principal engineer, or technical lead in complex environments.
GCC / WOG Experience (Highly Preferred)
- Experience working with Singapore Government Commercial Cloud (AWS / Azure) and associated guardrails.
- Familiarity with government DevSecOps platforms (e.g. SHIP-HATS 2.0, SGTS).
- Exposure to public-sector delivery environments with structured governance and compliance requirements.
Bonus Points
- Experience establishing DevSecOps or Platform Enablement CoEs.
- Designing CI/CD standards for microservices and APIs.
- Implementing basic FinOps practices and SRE-aligned operating models.
- Strong understanding of auditability and secure SDLC expectations in regulated environments.
