The Principal Cloud Development Operations Engineer (SDLC & CI/ CD Controls) defines and leads Deep. Health’s enterprise Dev. Sec. Ops strategy, serving as the organizational authority on pipeline security and secure software delivery. The role drives the design, governance, and continuous improvement of automated security controls across all CI/ CD pipelines and developer workflows—ensuring security is built in from design through production while enabling delivery that is fast, measurable, and audit-ready at scale. Essential Duties and Responsibilities Define and own the enterprise Dev. Sec. Ops toolchain strategy; architect standardized pipeline security frameworks—covering SAST, SCA, secrets scanning, Ia. C scanning, and container scanning—adopted across all engineering teams. Establish and govern enterprise release security standards and gating policies across the software delivery organization; lead exception governance and risk acceptance frameworks at the program level. Drive organization-wide adoption of secure development standards; influence engineering leadership on secure-by-default practices and set measurable risk reduction goals tied to business objectives. CI/ CD Pipeline Hardening & Automation Architect and lead the development of enterprise-grade automation frameworks for pipeline security checks, artifact integrity, pipeline hygiene, and audit evidence generation; define reusable standards adopted across the engineering organization. Define and enforce secrets management standards and credential exposure reduction strategies across the entire build and deployment ecosystem; partner with platform leadership to drive enterprise-wide adoption. Establish tooling performance standards and quality criteria for security controls across all pipelines; lead continuous improvement of the security toolchain to optimize the balance between risk coverage and developer velocity. Vulnerability Management Workflow (Engineering-Usable) Define and own the enterprise vulnerability risk management framework; lead cross-functional prioritization of findings with product, engineering, and compliance stakeholders, driving systemic remediation strategies. Establish and own vulnerability SLA standards and exception governance policies; provide executive-level reporting on risk posture, aging trends, and program-wide effectiveness to senior leadership. Security Standards, Threat Modeling & Enablement Lead and advance Deep. Health’s threat modeling methodology; define organizational standards for security risk assessment and translate complex threat landscapes into strategic engineering priorities. Establish and lead the organization’s security champions program; define the Dev. Sec. Ops maturity roadmap and drive measurable, sustained improvement in security culture across all engineering teams. PLEASE NOTE: This is not an exhaustive list of all duties, responsibilities and requirements of the position described above. Other functions may be assigned, and management retains the right to add or change duties at any time. Minimum Qualifications, Education and Experience Bachelor’s degree in engineering or related field or equivalent experience required .2 years in DevOps, platform engineering, application security, or software engineering with hands-on CI/ CD responsibility required. Demonstrated record of designing and leading enterprise Dev. Sec. Ops programs, including toolchain strategy, pipeline security architecture, and cross-organizational adoption at scale. Exceptional communication and influence skills; demonstrated ability to drive strategic alignment on Dev. Sec. Ops programs across engineering, product, and executive stakeholders. Technical Skill Set (Required) CI/ CD & Engineering Systems (Hands-On) Deep expertise in CI/ CD platforms (GitHub Actions, GitLab CI/ CD, Jenkins, Azure DevOps); able to architect multi-platform pipeline strategies and evaluate emerging tooling at an organizational level. Expertise in designing and governing enterprise-scale pipeline policy frameworks, release controls, and branch protection standards; defines organizational standards adopted across teams. Scripting / Automation Advanced proficiency in Python, Bash, PowerShell, or equivalent; designs automation architectures and reusable frameworks adopted across the engineering organization. Expert-level API integration capability; architects toolchain integrations and metrics platforms to support program-wide reporting and continuous compliance evidence generation. Application Security Fundamentals Expert knowledge of application security risks, attack vectors, and secure development patterns; contributes to and influences internal security standards and industry frameworks (OWASP, NIST, CIS). Ia. C / Container Awareness Deep expertise in Ia. C and container security architecture (Terraform, Cloud. Formation, Bicep; Docker, Kubernetes); defines organizational standards for supply chain integrity, image scanning, and runtime security controls. Preferred Qualifications Demonstrated program leadership in regulated environments (PHI/ PII); authored or significantly contributed to enterprise HIPAA, SOC 2, or ISO 27001 compliance programs with direct audit and evidence ownership. Expert-level knowledge across the Dev. Sec. Ops/ App. Sec toolchain (Semgrep, Sonar. Qube, Snyk, Trivy, Prisma/ Defender); experience leading enterprise-scale tooling evaluation, selection, and onboarding programs. Advanced security certifications strongly preferred (CISSP, CSSLP, AWS Security Specialty, or equivalent); thought leadership through published work, conference presentations, or open-source contributions is a strong differentiator. Quality Standards Communicates, cooperates, and consistently functions professionally and harmoniously with all levels of supervision, co-workers, visitors, and vendors. Demonstrates initiative, personal awareness, professionalism and integrity, and exercises confidentiality in all areas of performance. Follows all local, regional and country laws concerning employment. Follows all Deep. Health policies and procedures. Follows data privacy, compliance, safety and confidentiality standards at all times. Practices universal safety precautions. Promotes good public relations on the phone and in person. Adapts and is willing to learn new tasks, methods, and systems. Reports to work regularly as scheduled; consistently punctual with respect to working hours, meal and rest breaks, and maintains satisfactory personal attendance in accordance with Deep. Health guidelines. Completes job responsibilities in a quality and timely manner. Physical Demands This position often requires sitting, standing, walking, bending, twisting, reaching with hands and arms, using hands and fingers, handling, or feeling, speaking, listening, and high-level cognitive thinking. Also, must be able to lift up to 10 pounds occasionally. Travel. This position requires domestic / international travel up to 10%. Working Environment Remote Salary: $200,000 - $230,000