Lead DevSecOps Engineer
Listed on 2026-06-02
IT/Tech
Cybersecurity, Cloud Computing
Position Description
CGI is seeking a Lead DevSecOps Engineer to champion secure-by-design engineering across our cloud and application platforms. You will lead the integration of security into CI/CD pipelines, architect secure cloud environments, and guide teams in adopting modern DevSecOps practices.
This is a high‑impact leadership role where you will influence strategy, mentor engineers, and shape CGI’s security posture across mission‑critical systems.
We're standing up a dedicated vulnerability management practice at one of the largest banks in the US, automating what two vendor teams currently do by hand, and building the AI layer that takes it further.
The work is hands‑on, the impact is visible, and you'll have a delivery team ready to execute with you from day one.
This position is located at our client site in Cleveland, OH, Pittsburgh, PA, or Dallas, TX.
For this role on this particular client engagement, employer sponsorship of immigration related visa and/or green card status as part of the PERM process will not be available.
Future duties and responsibilities
DevSecOps Practice Leadership
- Build and lead the DevSecOps engineering practice across all three execution crews: Platform & Infra, Application/Data/Middleware, and Container & TRC.
- Own the Definition of Done for vulnerability remediation across all 130 mnemonics: what constitutes a properly remediated, validated, and closed item before Archer POAM closure and rescan submission.
- Coach GCC offshore engineers on PNC-specific practices including Bitbucket branching standards, Jenkins pipeline security gates, PAC enforcement, and CaaS container security policies. Act as the technical escalation point between execution crews and the Solution Architect.
- Own the security and reliability of all Jenkins pipelines used for vulnerability remediation automation including PR generation, RITM automation, and remediation validation.
- Implement and maintain security gates within Jenkins pipelines enforcing PAC policy checks, scan thresholds, and approval workflows before any automated fix proceeds.
- Build and maintain Jenkins shared library components for reusable pipeline steps covering Archer status updates, ServiceNow RITM creation, Sysdig alert ingestion, and rescan triggering.
- Ensure all pipeline changes go through the client's CAB review process and do not bypass deployment governance.
- Own the Bitbucket repository structure and branching standards for the CGI GCC automation codebase including runbook scripts, Python tools, Ansible playbooks, and Terraform modules.
- Manage Bitbucket PR workflow configurations including required reviewers, merge checks, and automated status checks that enforce quality gates before remediation scripts are merged.
- Maintain Artifactory integration within the vulnerability remediation pipeline managing artifact promotion, dependency resolution, and scanning to ensure no vulnerable dependencies are introduced into the automation toolchain.
- Implement and maintain the client's PAC policy rules governing vulnerability remediation automation, ensuring automated remediations comply with the client's security policies before execution.
- Build Ansible playbooks for repeatable infrastructure remediation patterns including OS patch application, SSL/TLS configuration updates, and server hardening aligned to client standards.
- Develop Terraform modules for infrastructure-level vulnerability remediations requiring environment configuration changes.
- Implement automated compliance evidence generation, producing audit-ready outputs from Jenkins pipeline executions that satisfy the client's OCC, FFIEC, and SOX audit requirements.
- Own the day-to-day health and configuration of all vulnerability tool integrations including Archer API connections, Tanium feed ingestion, Sysdig alert routing, Security Center data pipelines, and Imperva alert processing.
- Maintain the Python-based ServiceNow integration that creates, routes, and tracks RITMs to PNC platform teams including Converge,…