Lead DevOps Engineer

Lead DevOps Engineer

WHAT MAKES US, US

Join some of the most innovative thinkers in FinTech as we lead the evolution of financial technology. If you are an innovative, curious, collaborative person who embraces challenges and wants to grow, learn and pursue outcomes with our prestigious financial clients, say Hello to SimCorp! At its foundation, SimCorp is guided by our values — caring, customer success-driven, collaborative, curious, and courageous. Our people-centered organization focuses on skills development, relationship building, and client success. We take pride in cultivating an environment where all team members can grow, feel heard, valued, and empowered.

If you like what we’re saying, keep reading!

WHY THIS ROLE IS IMPORTANT TO US

As a Lead​ DevOps Engineer on the CRC DevOps team, you will design, develop, and maintain the automation frameworks that provision, configure, and manage Azure-hosted Windows infrastructure for SimCorp's Client Reporting clients. You will work across the full infrastructure lifecycle -- from initial environment builds through ongoing configuration management, security compliance, and operational automation.

This is a hands-on engineering role with significant ownership over infrastructure tooling and automation. You will contribute to an active migration from legacy imperative scripting to declarative Desired State Configuration (DSC) patterns, develop and maintain Terraform-based infrastructure deployments, and build PowerShell modules and CI/CD pipelines that enable repeatable, consistent operations across all client environments.

As a lead member of the team, you will help drive technical strategy and architectural decisions, mentor other engineers through design reviews and best-practice sharing, and be proactive in seeking out opportunities to increase the level of automation in the service.

WHAT YOU WILL BE RESPONSIBLE FOR

Infrastructure as Code Development

• Develop and maintain Terraform configurations for multi-stage Azure infrastructure deployments (networking, key vaults, platform resources, VMs, automation accounts, and SSO)
• Build and enhance PowerShell-driven Terraform generation pipelines that transform client XML configurations into deployment-ready Terraform JSON
• Manage Terraform state across 20+ client subscriptions

Configuration Management and DSC Migration

• Drive the ongoing migration from legacy imperative PowerShell build scripts to declarative PowerShell Desired State Configuration (DSC)
• Develop custom DSC resource modules for Windows OS, SQL Server, IIS, Active Directory Group Policy, and application-specific configurations
• Build and maintain DSC "Merge" functions that transform client XML configuration data into structured inputs for DSC compilation
• Create role-based DSC configurations for server types including Domain Controllers, SQL Servers, IIS Servers, BPM Servers, and Application Servers

PowerShell Module and Automation Development

• Design and develop modular PowerShell modules following established conventions (public/private function directories, manifest files, Allman brace style)
• Build Azure Automation runbooks for operational tasks such as health checks, credential rotation, backup management, and user provisioning
• Create and maintain Pester (v5) unit tests for modules, merge functions, and DSC configurations
• Enforce code quality through PSScriptAnalyzer rules and peer code review

CI/CD Pipeline Engineering

• Develop and maintain Azure DevOps YAML pipelines for module builds, runbook publishing, Terraform deployments, DSC deployments, and client configuration processing
• Implement multi-stage deployment pipelines with approval gates and change detection
• Manage Azure DevOps Artifacts feeds for internal PowerShell module and runbook distribution
• Build automated testing and validation into pipeline workflows
• Investigate and resolve incidents impacting the code pipeline; implement and deploy fixes to recover from delivery issues

Security and Compliance

• Manage Azure Key Vault configurations for credential storage, certificate management, and encryption key rotation (BitLocker, SQL TDE)
• Implement and maintain security controls including NSG rules, Check Point firewall policies, and SSL/TLS hardening
• Support SOC2 audit evidence collection and compliance requirements
• Manage cryptographic asset lifecycles including LetsEncrypt certificate automation and SQL asymmetric key rotation
• Implement data loss prevention policies and Windows security hardening via Group Policy

Networking and Connectivity

• Manage hub-and-spoke VNet architecture with management network peering across all client subscriptions
• Configure and troubleshoot site-to-site VPN connections with client networks
• Work with Check Point firewall appliances for security policy, URL filtering, and intrusion prevention
• Manage Azure DNS zones and client AD-internal DNS configurations

Collaboration and Knowledge Transfer

• Mentor and guide other engineers through design reviews, code reviews, and best-practice sharing
• Develop documentation and conduct training sessions to hand over new features to the SRE team
• Build trust and rapport with SREs through close collaboration and a shared understanding of operational challenges
• Participate in sprint ceremonies and contribute to backlog refinement
• Support incident escalations from SRE when coding expertise or deep infrastructure knowledge is required
• Assist with project planning and provide input to project management decisions
• Contribute to process documentation and knowledge base articles

Skills & Competencies:

Technical Skills

Must Have:

• 5+ years of experience in DevOps, infrastructure engineering, or a closely related role
• Strong proficiency in PowerShell scripting, module development, and automation (this is the primary development language)
• Hands-on experience with Terraform for Azure infrastructure provisioning and state management
• Solid working knowledge of Microsoft Azure services: VMs, VNets, Key Vault, Automation Accounts, Entra ID, Storage, DNS, and NSGs
• Experience with Azure DevOps (Repos, Pipelines, Boards, Artifacts) or equivalent CI/CD platforms
• Strong understanding of Windows Server administration including Active Directory, Group Policy, DNS, and IIS
• Experience with Windows SQL Server administration (configuration, backup strategies, security features such as TDE)
• Familiarity with Infrastructure-as-Code principles, idempotent deployments, and configuration drift management
• Understanding of security best practices: least-privilege access, credential management, encryption at rest and in transit

Nice to Have:

• Experience with PowerShell Desired State Configuration (DSC) -- authoring configurations, custom resources, and MOF compilation
• Experience with Pester testing framework for PowerShell
• Familiarity with Citrix technologies (ADC/NetScaler, StoreFront, Cloud)
• Experience with Check Point firewall management and security policies
• Hands-on experience with Packer for VM image builds and Azure Compute Gallery
• Familiarity with Rapid7 InsightVM/InsightIDR for vulnerability management and SIEM
• Experience with Datadog or similar monitoring and observability platforms
• Knowledge of SAML SSO configuration and identity federation
• Experience supporting SOC2 or similar compliance frameworks
• Exposure to Azure Site Recovery (ASR) for disaster recovery
• Familiarity with ITIL IT Service Management processes

WHAT WE VALUE

Leading the development of software components and features, ensuring alignment with business and technical goals

Collaborating with cross-functional teams to implement and optimize software solutions

Mentoring junior engineers and driving continuous improvement in software development practices

Troubleshooting complex issues and implementing solutions to enhance software performance and scalability.

BENEFITS

Benefits Industry-leading salary, bonus scheme, and pension are essential for any work agreement. However, in SimCorp, we believe we can offer more. Therefore, in addition to the traditional benefit scheme, we provide a work & work-life balance: flexible work hours, and a hybrid workplace model. On top of that, we have IP sprints where you have 3 weeks per quarter you can spend on developing your skills as well as contributing to the company's development. There is never just only one route - we practice a tailored approach to professional development to support the direction you want to take.

NEXT STEPS

Please send us your application in English via our career site as soon as possible, we process incoming applications continually. Please note that only applications sent through our system will be processed. At SimCorp, we recognize that bias can unintentionally occur in the recruitment process. To uphold fairness and equal opportunities for all applicants, we kindly ask you to exclude personal data such as photo, age, or any non- professional information from your application. Thank you for aiding us in our endeavor to mitigate biases in our recruitment process.

For any questions you are welcome to contact Swati Pal ([email protected]), Talent Acquisition Partner, at email address. If you are interested in being a part of SimCorp but are not sure this role is suitable, submit your CV anyway. SimCorp is on an exciting growth journey, and our Talent Acquisition Team is ready to assist you discover the right role for you. The approximate time to consider your CV is three weeks.

We are eager to continually improve our talent acquisition process and make everyone’s experience positive and valuable. Therefore, during the process we will ask you to provide your feedback, which is highly appreciated.

WHO WE ARE

For over 50 years, we have worked closely with investment and asset managers to become the world’s leading provider of integrated investment management solutions. We are 3,000+ colleagues with a broad range of nationalities, educations, professional experiences, ages, and backgrounds. SimCorp is an independent subsidiary of the Deutsche Börse Group. Following the recent merger with Axioma, we leverage the combined strength of our brands to provide an industry-leading, full, front-to-back offering for our clients. SimCorp is an equal-opportunity employer. We are committed to building a culture where diverse perspectives and expertise are integrated into our everyday work. We believe in the continual growth and development of our employees, so that we can provide best-in-class solutions to our clients.

#Li-Hybrid