DevOps - Engineering Manager

About Plum

Plum is an employee insurance and health benefits platform focused on making health insurance simple, accessible and inclusive for modern organizations.

Healthcare in India is seeing a phenomenal shift with inflation in healthcare costs 3x that of general inflation. A majority of Indians are unable to afford health insurance on their own; and so as many as 600mn Indians will likely have to depend on employer-sponsored insurance.

Plum is on a mission to provide the highest quality insurance and healthcare to 10 million lives by FY2030, through companies that care. Plum is backed by Tiger Global and Peak XV Partners.

About the role

(Please read this carefully)

We are seeking a highly skilled and experienced Software Engineering Manager - DevSecOps to lead our DevSecOps initiatives. The ideal candidate should have knowledge in three key areas:

1. Application and infrastructure security

2. Risk controls and compliance

3. CX/vendor security evaluation

This role requires a blend of technical expertise and leadership to manage a team of engineers, ensuring the security, risk control, compliance, vendor security evaluation, reliability, and efficiency of our CI/CD pipelines and development processes. You will work closely with cross-functional teams to implement robust security measures, optimize our DevOps practices, and drive compliance initiatives.

Key Responsibilities:

• Lead and mentor a team of DevSecOps engineers, fostering a collaborative and innovative work environment.
• Architect, implement, and maintain CI/CD pipelines, ensuring they are secure, efficient, and reliable.
• Integrate and manage DevSecOps tools within the CI/CD pipeline, including static code analysis, security scans, and automated testing.
• Drive the implementation of security best practices and compliance initiatives (e.g., ISO27001, SOC2).Collaborate with development, IT, and security teams to identify and resolve security vulnerabilities and risks.
• Manage security operations, including SOC monitoring and incident management.
• Implement and maintain security controls at the IT and infrastructure levels.
• Optimize R&D spend through cost-effective tool migrations and consolidations.
• Coordinate with external pentesting teams to resolve security issues.
• Provide guidance and support to engineering teams on secure coding practices and security tool integrations.
• Streamline technology, processes, and tools to enhance efficiency and performance.

Required Qualifications:

• Bachelor's or Master’s degree in Computer Science, Information Security, or a related field.
• Minimum of 8 years of experience in CI/CD, DevSecOps, Automation, Quality Engineering, and Cybersecurity.
• At least 8 years of experience in technical leadership and managing security teams.
• Proven experience in building and leading high-performing teams, coaching, and mentoring engineers.
• Hands-on experience with DevSecOps tools and practices, including static code analysis, security scans, and automated testing.
• Strong background in architecting CI/CD processes from scratch and optimizing DevOps functions.
• Extensive experience with security and compliance frameworks (ISO27001, SOC2).Proficiency in managing security operations, SOC, incident management, and IT teams.
• Experience with cloud platforms (AWS, Azure, GCP), containerization (Docker, Kubernetes), and CI/CD tools (Azure DevOps, Jenkins).Knowledge of IAM principles, encryption techniques, and secure network configurations in the cloud.
• Excellent interpersonal and communication skills, with the ability to work effectively with all levels of management.

Preferred Certifications:

• Certified Information Systems Auditor (CISA)
• ISO 27001 Lead Auditor