DevOps Transformation Architect - GitHub Actions
Description:
Job Description
Summary
We are looking for a Pillar Resource / Architect-Lead to drive an enterprise-scale CI/CD modernization program, migrating a large Jenkins ecosystem to GitHub Actions across multiple applications, platforms, and technology stacks. The program objective is to migrate and standardize pipelines, implement reusable workflow patterns, define the GitHub Actions operating model, and ensure secure, compliant, and scalable execution with measurable improvements to developer velocity and release reliability.
This role is both strategic and hands-on: you will define the migration approach and standards, and also guide (and unblock) teams through real pipeline conversions.
Key Responsibilities
Program & Architecture Leadership
Own the end-to-end Jenkins GitHub Actions migration architecture and execution plan for large-scale pipeline migration.
Define a migration factory approach: pipeline inventory, complexity scoring, wave planning, automation, and cutover strategy.
Create and maintain reference architectures for GitHub Actions across major stacks (Java, .NET, Node.js, Python, containerized workloads, etc.).
Establish an operating model: standards, governance, onboarding playbooks, and platform support processes.
GitHub Actions Platform & Standardization
Design and implement reusable workflows and composite actions for common CI/CD patterns: Build/test/package, security scans, artifact publishing, deploy/promote, approvals, rollback hooks
Drive org-wide best practices for: Branch protections, required checks, environments, approvals, CODEOWNERS, repo standards
Build self-service onboarding: templates, documentation, developer enablement sessions.
Runners, Scalability & Reliability
Define and implement runner strategy:
GitHub-hosted vs self-hosted runners
runner groups, isolation boundaries, network controls, scaling strategy (VM/Kubernetes)
Establish reliability and observability:
monitoring, alerting, queue/latency management, incident runbooks
Security, Compliance & Audit Readiness
Integrate enterprise security controls into pipelines:
Secrets governance (Vault/Secrets Manager), OIDC auth, least privilege
SAST/SCA/DAST integration, SBOM generation, artifact signing and provenance (where applicable)
Ensure pipelines meet compliance/audit expectations:
Approvals, segregation of duties, traceability, immutable logs/evidence
Required Qualifications
10+ years in DevOps / CI/CD / Platform Engineering roles, with architect/lead ownership.
Proven experience leading enterprise Jenkins migrations or large CI/CD transformations.
Deep expertise in GitHub Actions: Workflow design, reusable workflows, composite actions, secrets, environments, approvals, policy controls
Strong understanding of CI/CD for multiple stacks (at least 2–3 of: Java, .NET, Node, Python, containers).
Experience with self-hosted runners (VM or Kubernetes) and scaling/operationalization.
Strong scripting/automation skills: Bash/Python/PowerShell, YAML, GitHub APIs (REST/GraphQL is a plus).
Strong communication and stakeholder management across engineering + security + leadership.
Preferred Qualifications (Nice to Have)
Experience with regulated enterprise environments (BFSI strongly preferred).
Experience implementing:
OIDC-based auth to cloud providers
SBOM/provenance, artifact signing, supply-chain security (SLSA concepts)
Familiarity with:
Terraform/Ansible, Kubernetes, ArgoCD/GitOps
Artifactory/Nexus, container registries
SonarQube/CodeQL, dependency scanning tools
Experience setting up CI/CD governance: standards, templates, enablement, documentation, and adoption programs.
Full-time