Lead IT DevSecOps Engineer

Cleveland-Cliffs Inc. is seeking an experienced DevSecOps Engineer to join our IT team. This role is responsible for designing, implementing, and maintaining automated deployment pipelines and infrastructure with integrated security practices across our development and production environments. This position will bridge the gap between development, operations, and security, working with both modern cloud technologies and legacy systems while fostering a culture of automation and continuous improvement. 

Summary of Responsibilities 

• Design, implement, and maintain CI/CD pipelines across multiple platforms (GitHub Actions, GitLab CI/CD, Jenkins, TFS) 

• Develop deployment automation scripts using NodeJS and C# for build, backup, and deployment processes 

• Integrate containerized applications with cloud platforms and manage container registries 

• Configure automated workflows and orchestration processes across server environments 

• Administer Git repositories including access control, branching strategies, and workflow automation 

• Plan and execute migrations between version control platforms 

• Develop and maintain GitHub Actions and custom automation scripts 

• Configure GitHub Advanced Security features 

• Manage application configurations, environment variables, and connection strings across environments 

• Administer development tools and DevOps infrastructure 

• Monitor infrastructure health and proactively resolve issues 

• Maintain documentation of system configurations and changes 

• Configure and maintain Azure API Management endpoints, policies, and security controls 

• Manage API authentication, authorization, and access controls 

• Deploy and configure Azure App Services 

• Maintain log aggregation systems that collect and store production logs for analysis and troubleshooting 

• Monitor and maintain DevOps tooling, automation scripts, and infrastructure components 

• Perform system administration tasks and resolve infrastructure issues proactively 

• Track system changes and maintain documentation of configurations 

• Configure and manage GitHub Advanced Security features including code scanning and secret detection 

• Implement security best practices across deployment pipelines and infrastructure 

• Integrate security scanning tools into CI/CD workflows (SAST/DAST) 

• Ensure secure API communication and implement access controls across network infrastructure 

• Monitor security vulnerabilities and coordinate remediation efforts 

• Maintain security policies, authentication mechanisms, and authorization controls 

Minimum Qualifications  

• Bachelor's degree in Computer Science, Information Technology, or related field (or equivalent experience) 

• 8+ years of experience in DevOps, DevSecOps, or platform engineering roles 

• Strong scripting and programming skills (NodeJS, C#, Python, or similar) 

• Hands-on experience with CI/CD tools (Jenkins, GitHub Actions, GitLab CI/CD) 

• Proficiency with Git and repository management 

• Experience with containerization technologies (Docker, Kubernetes) 

• Working knowledge of cloud platforms (Azure, AWS, or GCP) 

• Understanding of API gateway configuration and security best practices 

• Strong understanding of networking, security principles, and access control 

• Strong problem-solving abilities and troubleshooting skills 

Preferred Qualifications  

• Experience with Azure ecosystem (APIM, App Services, DevOps) 

• Familiarity with .NET applications and supporting legacy systems 

• Knowledge of monitoring and observability tools (Prometheus, Grafana, ELK stack) 

• Experience with Infrastructure as Code (Terraform, ARM templates) 

• Experience with security scanning tools (SAST/DAST, dependency scanning) 

• Knowledge of vulnerability management and remediation processes 

• Understanding of compliance frameworks and security standards 

• Excellent communication and collaboration skills