| Job Summary: We are seeking a skilled and proactive CI/CD Engineer to design, implement, and maintain robust Continuous Integration and Continuous Deployment (CI/CD) pipelines. The ideal candidate will have hands-on experience with application build automation, deployment strategies, security integration, and external package management. This role is critical in ensuring high-quality, secure, and efficient software delivery across .NET, Azure ASE, and COTS technologies. Key Responsibilities: CI/CD Pipeline Development & Automation - Design and implement automated build, packaging, and deployment pipelines.
- Develop gated check-in processes based on unit tests, code coverage, code reviews, and SAST scans.
- Create and maintain standard pipeline templates for .NET, Azure ASE, and COTS technologies.
- Automate production deployment pipelines including code, configuration, and data updates.
- Implement dynamic application security testing (DAST) and static application security testing (SAST) in pipelines.
- Maintain pipeline execution audit trails and exception/technical debt management processes. Database & Release Management - Automate database change deployments.
- Manage production release deployments with full change task automation.
- Implement automated cleanup tasks for outdated or unused resources. Tooling & Quality Assurance - Integrate modern code quality and security tools with resolution recommendations and auto-fix capabilities.
- Ensure secure software supply chain practices including vulnerability remediation workflows.
- Enable scanning of control builds for security vulnerabilities. External Package Management - Set up and configure external package managers (e.g., Artifactory).
- Perform continuous assessment and reporting of vulnerabilities in the application landscape.
- Monitor health, usage, and status of packages; generate SBOMs and perform software composition analysis.
- Configure policies for internal/external packages, license compliance, and firewall security.
- Manage package lifecycle, cleanup policies, and enterprise access control.
- Handle new package requests under policy control and manage dependency versioning and tech debt. Governance & Adoption - Develop dashboards for practice adoption and CI/CD health metrics.
- Enable self-service onboarding for tools and access setup.
- Maintain audit trails for external package management and CI/CD activities. Required Skills & Qualifications: - Strong experience with CI/CD tools (e.g., Azure DevOps, Jenkins, GitHub Actions).
- Proficiency in scripting languages (PowerShell, Bash, Python).
- Experience with .NET, Azure App Service Environment (ASE), and COTS integration.
- Familiarity with SAST/DAST tools (e.g., SonarQube, Fortify, Checkmarx).
- Experience with Artifactory or similar package management tools.
- Knowledge of secure software development lifecycle (SSDLC) and DevSecOps practices.
- Strong understanding of software composition analysis and SBOM generation.
- Excellent problem-solving and communication skills. Preferred Qualifications: - Certifications in Azure DevOps, Security, or related fields.
- Experience with infrastructure as code (IaC) tools like Terraform or ARM templates.
- Familiarity with containerization and orchestration (Docker, Kubernetes). | 