Lead DevSecOps

Job Description:

Position Overview

The primary responsibility of the Lead DevSecOps Engineer is to drive the implementation of DevSecOps practices for our casino management system being developed from the ground up. This role requires a robust technical background in software development, security practices, and operations, with a focus on building secure, scalable, and efficient deployment pipelines. The Lead DevSecOps Engineer will collaborate with cross-functional teams to ensure that security is integrated throughout the software development lifecycle. 

All duties are to be performed in accordance with departmental and Las Vegas Sands Corp.’s policies, practices, and procedures. All Las Vegas Sands Corp. Team Members are expected to conduct and carry themselves in a professional manner at all times. Team Members are required to observe the Company’s standards, work requirements and rules of conduct.

Essential Duties & Responsibilities

• Define and implement the DevSecOps strategy for the casino management system, ensuring alignment with business objectives and regulatory compliance. 

• Design and manage CI/CD pipelines to automate the build, test, and deployment processes, ensuring rapid and reliable software delivery. 

• Integrate security practices into the development lifecycle, including threat modeling, static and dynamic code analysis, and vulnerability assessments. 

• Utilize IaC tools (e.g., Terraform, AWS CloudFormation) to automate the provisioning and management of infrastructure in a secure and repeatable manner. 

• Design and implement secure deployment strategies for both single and multi-tenant environments, ensuring optimal performance and isolation of resources. 

• Implement robust monitoring, logging, and alerting systems to ensure system reliability, performance, and security compliance. 

• Work closely with development, QA, and operations teams to foster a culture of security awareness and implement best practices in software development and deployment. 

• Develop and maintain incident response plans and security policies, ensuring quick response to security incidents and continuous improvement of security posture. 

• Create and maintain comprehensive documentation of DevSecOps processes, standards, and best practices. 

• Perform job duties in a safe manner.

• Attend work as scheduled on a consistent and regular basis.

• Perform other related duties as assigned.

Minimum Qualifications

• At least 21 years of age.

• Proof of authorization to work in the United States.

• Bachelor’s or Master’s degree in Computer Science, Information Technology, Cybersecurity, or a related field. 

• Must be able to obtain and maintain any certification or license, as required by law or policy.

• 7+ years of experience in software development, operations, and security, with at least 3 years in a lead DevSecOps role, preferably in the gaming or casino industry. 

• Proficiency in CI/CD tools (e.g., Jenkins, GitLab CI, CircleCI) for automating build and deployment processes. 

• Demonstrated experience with configuration management tools (e.g., Ansible, Chef, Puppet) for maintaining system configurations. 

• Strong knowledge of containerization technologies (e.g., Docker, Kubernetes) for deploying and managing applications. 

• Expertise in using IaC tools (e.g., Terraform, AWS CloudFormation) to automate infrastructure deployment. 

• In-depth knowledge of security practices and tools, including static application security testing (SAST), dynamic application security testing (DAST), and security information and event management (SIEM). 

• Experience with cloud services (e.g., AWS, Azure, Google Cloud) and their security configurations and best practices.

• Proficiency in scripting languages (e.g., Python, Bash, PowerShell) for automation and integration tasks. 

• Familiarity with monitoring and logging tools (e.g., Prometheus, ELK Stack, Splunk) to ensure system health and security. 

• Experience designing and implementing security measures in multi-tenant architectures to ensure data isolation and compliance. 

• Excellent communication and collaboration skills to work effectively with diverse teams and stakeholders. 

• Strong analytical and problem-solving abilities, with a focus on delivering secure and efficient solutions. 

• Proven leadership skills to mentor and guide team members in DevSecOps practices. 

• Strong interpersonal skills with the ability to communicate effectively and interact appropriately with management, other Team Members and outside contacts of different backgrounds and levels of experience.

Physical Requirements

Must be able to:

• Physically access assigned workspace areas with or without reasonable accommodation.

• Work indoors and be exposed to various environmental factors such as, but not limited to, CRT, noise, and dust.

• Utilize laptop and standard keyboard to perform essential functions of the job.