The Senior DevOps Engineer designs, builds, and operates the platforms, pipelines, and infrastructure that CMG software teams depend on to deliver and run software. This role owns significant components end-to-end across CMG's shared CI/CD templates, the Terraform infrastructure catalog, GitHub Enterprise, and the identity and security configuration underneath them. Because most of what this team builds is used broadly by application teams, Senior DevOps Engineers are expected to design changes that version cleanly, protect downstream consumers, and raise the maturity of the platform over time.
ESSENTIAL DUTIES and RESPONSIBILITIES, includes the following responsibilities, but not limited to:
-
Design and maintain the shared CI/CD templates, reusable GitHub Actions workflows, and composite actions that application teams use to build and deploy .NET, Node.js, and SQL projects to Azure App Service, Container Apps, and on-premises IIS.
-
Design and maintain Terraform modules and self-service catalog stacks used across the dev, QA, UAT, and production environments, and lead the work to fold legacy modules into the supported catalog.
-
Own significant infrastructure and platform components end-to-end, including design, implementation, operation, and lifecycle management.
-
Lead platform migration and modernization work, including source control, runtime, and identity migrations across multiple application teams.
-
Build and maintain self-service tooling that reduces manual effort for application teams, including infrastructure catalogs, scaffolding, and intake automation.
-
Introduce and maintain automated guardrails across pipelines and infrastructure, including policy-as-code, cost and budget controls, and compliance checks aligned to SOC 2, SOX, and GLBA.
-
Improve testing and validation of the platform's own code, so shared changes are verified once and safe for every team that consumes them.
-
Improve observability of the platform itself, including infrastructure drift, pipeline health, failure origin, identity and OIDC issues, and cloud cost.
-
Administer GitHub Enterprise and the Azure DevOps footprint, including organization configuration, security policies, rulesets, Entra ID integration, and OIDC federation.
-
Apply secure-by-default practices across pipelines and infrastructure, including managed identity, secret management and rotation, and least-privilege access.
-
Investigate and resolve complex platform incidents, contribute to root cause analysis, and drive corrective actions.
-
Provide technical review on pipeline, infrastructure, and tooling changes; mentor engineers through code review and pairing.
-
Develop deep expertise in one or more domain areas, such as Azure platform services, identity and access, networking, data platform, or CI/CD design, and act as a resource to the team in that area.
REQUIRED QUALIFICATIONS:
-
Bachelor's degree in Computer Science, Information Technology, or a related field (equivalent experience considered).
-
5+ years of experience in DevOps, cloud engineering, or platform engineering, including experience owning a shared platform used by other teams.
-
Experience working in a regulated industry such as financial services, mortgage lending, or healthcare, where audit, change control, and least-privilege access are the norm.
-
Strong hands-on experience with Microsoft Azure across App Service, Container Apps, Functions, Storage, networking, Key Vault, and Entra ID.
-
Strong proficiency with Terraform at scale, including module and stack design, state management, and testing.
-
Strong proficiency with CI/CD platforms, including GitHub Actions and Azure DevOps Pipelines, with a track record of designing reusable workflow and template systems used across multiple teams.
-
Proficiency administering GitHub Enterprise and Azure DevOps at the organization level, including security policies, rulesets, and OIDC or other identity federation.
-
Proficiency in scripting and automation with PowerShell, Bash, or Python.
-
Working knowledge of containerization and container orchestration, including Docker and Azure Container Apps or comparable platforms.
-
Working knowledge of observability platforms, including Azure Monitor, Log Analytics, and Application Insights.
-
Demonstrated experience raising platform maturity through practices such as policy-as-code, platform testing, drift detection, cost controls, or migration tooling.
-
Working knowledge of regulatory and security frameworks relevant to financial services, including SOC 2, SOX, and GLBA.
-
Strong written and verbal communication skills, with the ability to collaborate across application, security, and infrastructure teams.
SUPERVISORY RESPONSIBILITIES:
Direct Reports: N/A
PHYSICAL and ENVIRONMENTAL CONDITIONS
This role operates in an ADA compliant office environment, utilizing typical office equipment and tasks including computer work. The position may involve partial stationary positions and moving throughout the day. Flexibility to work overtime to meet project deadlines is required.
Base Compensation Information – This role is a remote position that is currently allocated for candidates within geographic regions that do not currently require base wage disclosure. The compensation range for this position will be provided upon request. (Due to their geographic location, residents of the states of CA & CO, and for NY are excluded from this role at this time.)