Senior DevSecMLOps Engineer

Multiple Countries
Full Time
Experienced

Windmill is a boutique digital product delivery company. Our team of designers, strategists and engineers love to create great experiences. We design and develop delightful and functional digital products that solve tough problems and enable new opportunities for enterprises in complex industries, such as banking & finance, healthcare and compliance.

For more information, please check the company website at www.windmillsmartsolutions.com

We are seeking a highly experienced Senior DevSecMLOps Engineer with a strong emphasis on security, compliance, and hands-on implementation capabilities. In this role, you will architect, build, and maintain secure and compliant CI/CD pipelines and ML operations infrastructure, primarily on Azure, while supporting multi-cloud environments. You will embed cutting-edge security tools, maintain robust observability frameworks, ensure ongoing compliance with leading industry standards such as SOC 2 and ISO 27001, and continuously push the envelope with proof-of-concepts (PoCs) on emerging technologies. You will also leverage your strong networking knowledge, solution architecture skills, and incident management abilities to ensure operational excellence and outstanding customer communication.

Key Responsibilities:
-DevSecOps & MLOps Architecture:
-Design, implement, and maintain secure and compliant CI/CD pipelines that underpin the release process for both application and ML workloads.
-Integrate DevSecOps best practices into MLOps pipelines, ensuring model code, data, and infrastructure meet strict security and compliance standards.
-Introduce security and quality checkpoints (SAST, DAST, RASP) into all stages of the software and ML model deployment pipelines.

Cloud Infrastructure & Automation:
-Leverage Microsoft Azure services (including Azure Pipelines) to deliver automated, scalable, and resilient cloud environments.
-Implement Infrastructure as Code (IaC) using Terraform or Pulumi for consistent, repeatable deployments
-Facilitate multi-cloud readiness (AWS/GCP) when required, ensuring flexibility and vendor neutrality

Security & Compliance:
-Integrate and configure best-in-class security scanning and vulnerability management tools (e.g., SonarQube, Snyk, Trivy) throughout the CI/CD lifecycle.
-Ensure compliance with SOC 2 and/or ISO 27001 standards, working closely with compliance teams and continually refining governance policies.
-Leverage GRC tools (e.g., Vanta) to streamline compliance tracking and reporting.
-Conduct regular security assessments, audits, and incident response simulations.

Monitoring & Observability:
-Deploy and manage monitoring and observability solutions using DataDog, ELK stack, Prometheus, or similar tooling.
-Establish robust alerting, dashboards, and logging pipelines to provide actionable insights into system performance, reliability, and security posture.

Tooling & Integration:
-Configure and maintain Jenkins pipelines, BitBucket (Git) repositories, and implement GitFlow branching strategies for streamlined code management.
-Utilize the Atlassian suite (JIRA, Confluence) for integrated project tracking and documentation.
-Integrate AI/ML frameworks (e.g., TensorFlow, PyTorch, scikit-learn) into automated training, testing, and deployment pipelines for ML models.
-Exposure to GenAI and LLMs (Large Language Models) is a plus. • Scripting & Programming:
-Develop automation scripts in Python, as well as Unix shell scripts and PowerShell, to streamline operational tasks, data processing, and environment provisioning.

Networking & Architecture:
-Strong understanding of networking concepts and architecture, ensuring secure, high-performance connectivity across environments.
-Proficient in designing and architecting IT solutions that balance performance, scalability, security, and cost.

 Incident Management & Leadership:
-
Competently manage and resolve major incidents, ensuring minimal downtime and excellent customer communication.
-Collaborate with cross-functional teams—including developers, ML engineers, security analysts, and compliance officers—to ensure, integrated, holistic solutions.
-Mentor junior team members in DevSecOps, MLOps best practices, security integrations, and cloud infrastructures.

Innovation & Roadmap Contribution:
-Contribute to the DevSecMLOps team roadmap by evaluating and introducing new SAST, DAST, RASP, and emerging security tools.
-Lead proofs-of-concept (PoCs) and pilot initiatives around cutting-edge DevSecMLOps and ML technologies, guiding the team toward innovative solutions and best practices.

Qualifications & Certifications: •
Education & Experience:

-Bachelor’s degree in Computer Science, Information Technology, or related field. A Master’s degree or equivalent experience is a plus.
-10+ years of experience in DevOps/DevSecOps roles, with at least 2+ years focusing on MLOps or ML-centric pipelines.

Technical Skills:
-
Advanced knowledge of Azure (Azure DevOps, Azure Pipelines, AKS, Azure Machine Learning, etc.).
-Proven expertise in IaC (Terraform or Pulumi) and cloud-based CI/CD workflows.
-Proficient in Python, Bash, and PowerShell scripting.
-Familiarity with AI/ML frameworks and data engineering best practices; exposure to GenAI/LLMs is a plus.
-Experience with security scanning tools (SonarQube, Snyk, Trivy), CI/CD platforms (Jenkins), version control (BitBucket, Git), GitFlow workflows, and Atlassian suite (JIRA, Confluence).
-Experience in observability and monitoring tools (DataDog, ELK, Prometheus).
-Strong understanding of networking concepts, design, and troubleshooting.

Security & Compliance:
-Proven track record working within SOC 2 or ISO 27001 environments.
-Familiarity with GRC tools (e.g., Vanta) a plus.
-Strong understanding of compliance frameworks, risk management, and best-in-class security practices.

• Certifications:
-Required
: Azure certifications (e.g., Azure DevOps Engineer Expert, Azure Administrator, Azure Security Engineer Associate).
Additional relevant certifications in AWS, GCP, Kubernetes, or security (CISSP, CISM, CCSK) are highly desired.

Soft Skills:
-Excellent communication and collaboration skills, able to convey complex technical topics to both technical and non-technical audiences.
-Strong analytical and problem-solving abilities, with a proactive approach to risk mitigation.
-Leadership qualities, including the ability to mentor and guide team members, manage critical incidents e`ectively, and provide top-tier customer communication.

What We Offer:
-Competitive compensation and benefits package.
-Opportunities for professional growth, training, and certifications.
-A dynamic environment where innovation, security, operational excellence, and cutting-edge ML technologies are highly valued.
-Flexible working practices
-Friendly environment

If you are a security-focused, hands-on DevSecMLOps professional with 10+ years of experience, eager to drive innovation, ensure compliance, and help shape our next- generation CI/CD and MLOps pipelines, we want to hear from you!

Share

Apply for this position

Required*
Apply with Indeed
We've received your resume. Click here to update it.
Attach resume as .pdf, .doc, .docx, .odt, .txt, or .rtf (limit 5MB) or Paste resume

Paste your resume here or Attach resume file

Human Check*