Role Overview
Opexor is looking for an experienced DevSecOps Architect to lead the architecture and technical design of an enterprise DevOps and DevSecOps implementation for a regulated financial services environment.
The role will define the end-to-end DevSecOps architecture across Azure DevOps Services, repositories, CI/CD pipelines, security gates, artifact management, approval workflows, hybrid deployment zones, SIEM, ITSM, vulnerability management, and compliance evidence. The architect will ensure the solution is secure, auditable, scalable, and aligned with banking-grade governance expectations.
Key Responsibilities
- Define the target-state DevSecOps architecture for Azure DevOps-based delivery.
- Design secure CI/CD patterns for frontend, backend, and middleware applications.
- Create architecture for Azure Repos, Azure Pipelines, agent pools, artifact promotion, approval gates, and rollback controls.
- Design hybrid deployment patterns for cloud and on-premises environments.
- Define DevSecOps gates including SAST, SCA, secrets scanning, dependency scanning, DAST, and optional container or IaC scanning.
- Establish audit logging, evidence capture, RBAC, least privilege, and segregation of duties.
- Define integration patterns for Azure Key Vault, SIEM, ITSM, vulnerability management, and compliance reporting.
- Provide technical leadership to DevOps, DevSecOps, and platform engineers.
- Support technical workshops, design reviews, risk reviews, and client-facing architecture discussions.
- Prepare high-level and low-level design documentation.
Required Skills and Experience
- 12+ years of technology experience.
- 7+ years of DevOps or DevSecOps architecture experience.
- 5+ years of Azure DevOps, CI/CD, or cloud delivery architecture experience.
- Strong understanding of secure SDLC, DevSecOps controls, and enterprise release governance.
- Hands-on experience with Azure DevOps Services, Azure Repos, Azure Pipelines, YAML pipelines, service connections, environments, approvals, and self-hosted agents.
- Experience with SonarQube or equivalent quality gate platforms.
- Knowledge of SAST, SCA, secrets scanning, DAST, SBOM, vulnerability workflows, and security gate policies.
- Experience designing CI/CD pipelines for Java, JavaScript, React, React Native, and middleware workloads.
- Familiarity with IBM IIB / ACE deployment patterns is preferred.
- Experience with regulated environments such as banking, fintech, government, or critical infrastructure.
- Strong understanding of SAMA, NCA, PCI-DSS, OWASP Top 10, or similar control frameworks is preferred.
Required Certifications
- Microsoft Certified: DevOps Engineer Expert.
- Microsoft Certified: Azure Administrator Associate or Azure Developer Associate.
- Certified Secure Software Lifecycle Professional, CSSLP.
- CISSP, CISM, or equivalent security certification.
- DevSecOps Foundation or DevSecOps Engineering certification.
- TOGAF or equivalent architecture certification is a plus.
Expected Deliverables
- DevSecOps reference architecture.
- Azure DevOps CI/CD architecture.
- Hybrid cloud and on-premises deployment architecture.
- Security gate and compliance control model.
- SIEM, ITSM, Key Vault, and vulnerability workflow integration design.
- Architecture diagrams, HLD, LLD, and technical decision records.
- Technical risk register and mitigation plan. EOFD