Trility Consulting is seeking a Principal DevSecOps Consultant to lead a short-term engagement focused on establishing secure secrets management patterns, strengthening application security practices, and creating repeatable DevSecOps standards across a modern Azure-based environment.
In this role, you will serve as a trusted advisor and hands-on technical leader, partnering with engineering and architecture teams to assess current-state practices, identify security gaps, design future-state patterns, and implement foundational security controls. This work will include designing and implementing secure secrets management solutions, establishing application security standards, improving SDLC controls, and creating reusable guidance that can be adopted across multiple teams and applications.
The ideal consultant combines enterprise architecture thinking with hands-on engineering expertise and is comfortable moving between technical implementation, security assessment, stakeholder discussions, and technical coaching.
This is a remote 1099 consulting engagement anticipated to last 6 weeks with potential to extend further.
Key Responsibilities
Assess current application security, secrets management, and DevSecOps practices to identify risks, gaps, and improvement opportunities
Design and implement repeatable secrets management patterns that can be adopted across multiple applications and teams
Develop and implement secure application integration patterns leveraging Azure Key Vault, Managed Identities, and related Azure-native services
Design and implement a secure Python-based framework or wrapper to standardize secrets handling across applications
Provide architectural guidance for extending secure secrets management patterns across Python, .NET, SQL Server, and future application workloads
Establish DevSecOps standards related to pipeline security, secret scanning, deployment controls, approval workflows, and secure software delivery practices
Analyze application, platform, and pipeline logs to troubleshoot deployment, networking, authentication, and security-related issues that impact solution adoption and operational stability
Establish DevSecOps standards related to pipeline security, secret scanning, deployment controls, approval workflows, and secure software delivery practices
Evaluate current SDLC processes and recommend improvements to strengthen security, governance, and operational consistency
Collaborate with engineering leadership and senior stakeholders to define practical implementation roadmaps and future-state architecture patterns
Create architecture documentation, implementation guidance, standards, and reusable playbooks to support long-term adoption
Demonstrate implemented solutions and provide coaching to internal engineering teams to accelerate adoption and self-sufficiency
Qualifications
5+ years of experience in DevSecOps, Cloud Architecture, Application Security, Platform Engineering, or related disciplines
Strong experience designing and implementing enterprise secrets management solutions
Hands-on experience with Azure Key Vault, Managed Identities, and Azure-native security patterns
Strong Azure architecture experience, including secure application integration and cloud security best practices
Experience designing and implementing secure application development and deployment patterns
Strong Python development experience with the ability to design and implement reusable security frameworks and application patterns
Working knowledge of .NET application architectures and secure application integration practices
Experience designing and implementing DevSecOps controls within CI/CD pipelines and software delivery workflows
Experience with Azure DevOps and modern source control and deployment practices
Experience implementing secret scanning, security validation, and secure deployment controls within software delivery pipelines
Experience troubleshooting complex deployment, networking, authentication, and security issues across cloud-native application environments
Ability to assess existing environments, identify gaps, and develop practical remediation plans
Strong written and verbal communication skills with the ability to influence senior technical stakeholders and engineering leadership
Preferred Experience
Experience modernizing DevSecOps practices from Azure DevOps to GitHub-based workflows
Experience working within highly regulated or security-sensitive environments
Familiarity with application security assessment methodologies and secure coding practices
Experience creating enterprise architecture standards, technical playbooks, and reusable implementation patterns
Experience leading consulting engagements involving security transformation initiatives
Similar Jobs
What you need to know about the Colorado Tech Scene
Key Facts About Colorado Tech
- Number of Tech Workers: 260,000; 8.5% of overall workforce (2024 CompTIA survey)
- Major Tech Employers: Lockheed Martin, Century Link, Comcast, BAE Systems, Level 3
- Key Industries: Software, artificial intelligence, aerospace, e-commerce, fintech, healthtech
- Funding Landscape: $4.9 billion in VC funding in 2024 (Pitchbook)
- Notable Investors: Access Venture Partners, Ridgeline Ventures, Techstars, Blackhorn Ventures
- Research Centers and Universities: Colorado School of Mines, University of Colorado Boulder, University of Denver, Colorado State University, Mesa Laboratory, Space Science Institute, National Center for Atmospheric Research, National Renewable Energy Laboratory, Gottlieb Institute
