Job Description

About Neudesic

Passion for technology drives us, but it’s innovation that defines us . From design to development and support to management, Neudesic offers decades of experience, proven frameworks and a disciplined approach to quickly deliver reliable, quality solutions that help our customers go to market faster.

Neudesic, an IBM Company, is a trusted technology partner in business innovation, delivering impactful business results to clients through digital modernization and evolution. We specialize in providing services and solutions that drive digital transformation, leveraging our expertise in cloud, data, and AI technologies.

What sets us apart from the rest, is an amazing collection of people who live and lead with our core values. We believe that everyone should be Passionate about what they do, disciplined to the core, innovative by nature, committed to a Team and conduct themselves with Integrity. If these attributes mean something to you - we'd like to hear from you.

Position Overview:

We are hiring a Senior DevSecOps Consultant to design and build GitHub Actions workflows for container and Infrastructure as Code projects. Candidates must demonstrate practical GitHub Advanced Security implementations in production pipelines.

The ideal candidate will have experience in pipeline engineering, cloud security controls and infrastructure automation.

Key Responsibilities

• Pipeline Engineering – design, build, and harden GitHub Actions workflows for container & IaC projects (Terraform/Bicep), integrating CodeQL, Dependabot, secret-scanning, and push-protection gates.
• Cloud Security Controls – codify FedRAMP High / NIST 800-53 controls via Azure
• Policy, Microsoft Defender for Cloud, and GitHub branch-protection rules; contribute
• to reusable policy-as-code libraries.
• Infrastructure Automation – develop and maintain Terraform/Bicep modules for
• secure Azure resources (AKS, Key Vault, App Service) and lay the groundwork for
• AWS & GCP parity.
• Monitoring & Telemetry – integrate GitHub/GHAS events with SIEM/SOAR solutions

1. (e.g., Microsoft Sentinel) using webhooks, REST/Graph APIs, and OpenTelemetry
2. exporters.

• Knowledge Enablement – create runbooks and architecture decision records;
• deliver brown-bag sessions to upskill client and junior engineers.

Must-Have Qualifications

• 3–7 years hands-on DevOps / DevSecOps experience, including 1–3 years securing cloud workloads in Azure (AWS/GCP a plus)
• GitHub Enterprise Admin expertise (org-level settings, SSO/SAML, fine-grained PATs) and deep familiarity with GitHub Advanced Security features: CodeQL, Dependabot, secret scanning, push protection
• Strong Infrastructure-as-Code skills with Terraform and/or Bicep etc.
• Solid grounding in FedRAMP, NIST 800-53, CIS Benchmarks, and OWASP SAMM/SLSA; able to map pipeline controls to compliance frameworks
• Proficiency in at least one scripting language (PowerShell, Bash, Python, or Go) for automation and API integration
• Agile/Scrum delivery experience; clear verbal and written communication skills for client demos and sprint reviews
• Prior Consulting Experience

Nice-to-Have Skills

• GitHub Copilot governance or restricted-mode configuration
• Container security (ACR, Docker, cosign, SBOM generation)
• Policy-as-Code with Open Policy Agent (OPA/Rego); Sigstore keyless signing
• SBOM standards (CycloneDX, SPDX) and software-supply-chain risk tooling
• Microsoft Sentinel analytic rule or data-connector development

Education & Certifications

• Bachelor’s degree in Computer Science, Cybersecurity, or related field --or-- equivalent practical experience
• Preferred certifications: AZ-400, AZ-500, SC-100, AWS Security Specialty, CNCF CKS

Soft Skills & Consulting Attributes

• Strong client communication skills (verbal and written)
• Ability to work across security, cloud, application, and DevOps teams
• Self-starter with ability to independently deliver in complex environments
• Structured problem-solving and analytical thinking
• Comfort with multi-client or multi-project delivery environments

Accommodations currently remain in effect for Neudesic employees to work remotely, provided that remote work is consistent with the work patterns and requirements of their team’s management and client obligations. Subject to business needs, employees may be required to perform work or attend meetings on-site at a client or Neudesic location.

Please be aware of phishing scams involving fraudulent career recruiting and fictitious job postings; visit our Phishing Scams page to learn more.

Neudesic is an Equal Employment Opportunity Employer

Neudesic provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws

Neudesic is an IBM subsidiary which has been acquired by IBM and will be integrated into the IBM organization. Neudesic will be the hiring entity. By proceeding with this application, you understand that Neudesic will share your personal information with other IBM companies involved in your recruitment process, wherever these are located. More Information on how IBM protects your personal information, including the safeguards in case of cross-border data transfer, are available here:

Job Tags

Similar Jobs