Qualitest · 20 hours ago
#21291 - DevSecOps Release Manager
Qualitest is a leading AI-powered Quality Engineering Company, seeking a DevSecOps Release Manager to join their growing team. The role involves end-to-end release ownership, managing CI/CD pipelines, and integrating security controls to ensure smooth and secure software releases.
Consulting, Enterprise Software, Information Services, Information Technology, Outsourcing, Quality Assurance, Software, Test and Measurement
Responsibilities
End-to-end release ownership across applications, ensuring timelines, dependencies, and risks are tightly managed
Hands-on CI/CD engineering expertise, including building, maintaining, and troubleshooting pipelines
Strong DevSecOps discipline with integrated security controls and solid change/incident management
Integration planning with other apps
Release Planning & Governance
Own the maintenance of end-to-end release calendar, milestones, and scope across applications/services and environments (dev/test/stage/prod)
Facilitate release planning ceremonies: scope reviews, go/no-go, readiness checkpoints, cutover rehearsals, and PIRs (post-implementation reviews)
Coordinate with Modern Sales and Shared Services teams to align release content, dependencies, and windows
Ensure adherence to the Management Model SOPs for change, risk, approvals, and documentation
Own all release-related tickets and workflows in the designated system (e.g., Change Requests, Release Records, CAB submissions, approvals)
Ensure tickets meet SOP criteria: correct metadata, risk ratings, rollback/contingency plans, test evidence, and stakeholder sign-offs
Serve as the first escalation point for release incidents; manage war rooms, communications, and coordinated recovery
Perform root-cause analysis (RCA) and track corrective/preventive actions (CAPA) to closure
Build, operate, and troubleshoot CI/CD pipelines (e.g., YAML pipelines, build agents, artifact/versioning strategy, approvals, gate policies)
Execute release activities hands-on: tagging, packaging, artifact promotion, parameterization, configuration, and deployment orchestrations
Maintain pipeline-as-code standards, templates, and reusable components for consistency and scale
Optimize build/test stages (parallelization, caching, selective test runs) to improve lead time and reliability
Integrate security controls into the pipeline (SAST, SCA, secret scanning, container/image scanning, SBOM generation)
Enforce policy gates for quality and security thresholds (coverage, critical findings, license violations) prior to promotion
Partner with Security and Compliance to implement vulnerability triage workflows, risk exceptions, and remediation SLAs
Ensure approved artifacts/process steps, provenance/attestations, and secure supply-chain practices (e.g., least-privileged credentials, key rotation)
Collaborate with the Enterprise DevOps team to automate release and build processes end-to-end (infrastructure, pipelines, testing, deployments)
Contribute to and adopt enterprise standards (tooling, runners/agents, templates, guardrails, observability)
Drive 'shift-left' automation: automated environment provisioning, config-as-code, test data seeding, and blue/green/canary strategies
Champion infrastructure-as-code (IaC) practices for environment consistency and repeatability (e.g., Terraform/Bicep/ARM/Ansible)
Ensure test strategy coverage per release: unit, integration, API, performance, security, and UAT
Enforce quality gates in pipelines (test pass rates, defect leakage thresholds, performance baselines)
Coordinate test data management and environment readiness; prevent 'test flakiness' via stabilization efforts and quarantines
Ensure IT Testing is attached for each User Story, including following up proactively throughout the release for testing evidence as stories are sent for PR review
Manage environment (Production is primary, but will also have responsibilities on lower environments), including sequencing, freeze windows, and promotion paths (dev → test → staging → prod)
Oversee configuration and secrets management aligned with enterprise standards
Validate monitoring, logging, and alerting are in place pre-release (dashboards, SLOs/SLIs, runbooks)
Conduct release health checks, smoke tests, and progressive rollouts with automated rollback criteria
Maintain up-to-date runbooks, playbooks, and support handoffs for on-call readiness
Maintain a single source of truth for release notes, change logs, deployment instructions, and rollback plans
Ensure audit-ready records: approvals, evidence, control adherence, and traceability from commit → build → artifact → release
Keep SOPs current; propose improvements based on retrospectives and audit feedback
Track and report DORA/SPACE-aligned metrics: deployment frequency, lead time for changes, change failure rate, MTTR, pipeline success rate
Run data-driven retrospectives and publish improvement backlogs (pipeline stability, test reliability, automation coverage)
Forecast release capacity and throughput; highlight bottlenecks and risks with actionable mitigation plans
In collaboration with the PO, assist in providing clear, concise status updates and release comms (roadmaps, readiness, risks, cutover plans, outcomes)
Align expectations with business stakeholders regarding scope, timing, and risk tolerance
Coach squads on release hygiene, versioning strategies (semver), branching models (GitFlow/Trunk-based), and 'build once, deploy many.'
Qualification
Required
Experience with: Azure DevOps; Terraform; SonarQube; CheckMARX, PBI, general cloud tooling - more specific to Azure PCP? Chat…
Familiarity with ITIL change management, CAB processes, and regulated environments (SOC2, SOX, PCI, HIPAA as applicable)
Benefits
401k plan where Qualitest will match your contributions, accelerating your savings plan.
Enrollment into one of our competitive healthcare benefits.
Qualitest will match towards your HSA if you choose to participate.
QCraft – our Learning & Development platform: 50,000+ courses, 300+ virtual labs, mentorship and leadership programs, professional tribes, sponsored certifications, and much more.
Corporate Wellness Program. We pay for your gym membership and give you opportunities to earn additional vacation time for attending the gym!
Client Referral and Employee Referral Programs. Refer and earn – tap your network for net-worth.
Qudos platform - You can earn bonuses and spot awards by celebrating your and your peers’ achievements.
Qualitest Employee Perks for discounts on anything from travel to electronics.
Company
Qualitest
Qualitest is the world’s leading managed services provider of AI-led quality engineering solutions.
H1B Sponsorship
Qualitest has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Below presents additional info for your reference. (Data Powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship (chart not shown)
Trends of Total Sponsorships: 2025 (12), 2024 (36)
Funding
Current Stage: Late Stage
Total Funding: unknown
2019-07-10: Acquired
Company data provided by crunchbase