Create Alert
Email me similar jobs

GitHub Actions Engineer – CI/CD & DevSecOps

Overview

We are looking for a mid-level GitHub Actions Engineer to design, build, and operate CI/CD pipelines using GitHub Actions, embedding DevSecOps practices — build, test, security scanning, and deployment — into every workflow. The role requires hands-on pipeline engineering skill combined with a security-first mindset.

Responsibilities

  • Design, develop, and maintain reusable GitHub Actions workflows, composite actions, and shared workflow templates.
  • Build end-to-end CI/CD pipelines covering build, unit testing, SAST/DAST, SCA, container scanning, and deployment stages.
  • Set up and manage self-hosted runners, runner groups, and auto-scaling strategies for on-prem and cloud workloads.
  • Integrate GitHub Actions with cloud platforms (AWS/Azure/GCP) for automated infrastructure provisioning and application deployment.
  • Implement secure secrets management using GitHub Environments/Secrets and OIDC-based federated authentication to cloud providers.
  • Optimize pipeline performance through matrix builds, dependency/build caching, and artifact management.
  • Embed security gates into workflows using CodeQL, Dependabot, Secret Scanning, and tools such as Trivy/Snyk/SonarQube.
  • Troubleshoot pipeline failures, reduce build/deployment times, and drive continuous improvement of CI/CD practices.
  • Partner with development teams to define branching, release, and environment promotion strategies.
  • Build dashboards/reports to track CI/CD health metrics — deployment frequency, lead time, and change failure rate.

Qualifications

  • Bachelor's degree in Computer Science, Information Technology, or a related field.
  • 4–6 years of overall experience in CI/CD, build & release engineering, or DevOps roles.

Essential skills

  • Strong hands-on experience authoring GitHub Actions workflows (YAML) and custom/composite actions.
  • Experience with containerization (Docker) and deploying to Kubernetes/OpenShift environments.
  • Working knowledge of Infrastructure-as-Code tools such as Terraform and/or Ansible.
  • Scripting skills in Bash, Python, or PowerShell for pipeline tooling and automation.
  • Familiarity with security scanning tools — CodeQL, Snyk, Trivy, SonarQube — and integrating them into pipelines.
  • Practical experience with at least one major cloud platform (AWS, Azure, or GCP).
  • Solid understanding of Git workflows, including GitFlow and trunk-based development models.

Desired skills

  • Experience migrating pipelines from Jenkins, GitLab CI, or Azure DevOps to GitHub Actions.
  • Knowledge of OIDC federated authentication patterns for keyless cloud deployments.
  • Relevant GitHub Actions, DevOps, or cloud platform certifications.