Job Description
About the Role

The DevOps Guild is the engine that makes the right way the easiest way for engineering squads across AXA UK — through automation, templates, golden paths, and self-service tooling that enable teams to deliver securely and efficiently.

As a DevOps Engineer, you will be embedded within delivery squads in the early stages, working hands-on to deliver real outcomes. As you build experience of the patterns that emerge across the estate, you will contribute reusable components, templates, and tooling that other teams can adopt. Over time, the balance shifts toward building shared capability that multiplies the impact of every engineer in the organisation.

What You Will Work On

Golden Paths & Developer Experience
Design and evolve golden paths — opinionated, pre-approved routes from code commit to production — across the AXA engineering estate.
Measure and improve time-to-first-deploy and developer satisfaction scores.
Create and maintain self-service onboarding that requires zero tickets to a Guild engineer.

CI/CD Pipeline Engineering
Build and maintain Azure DevOps YAML pipeline templates — extends, parameters, stages, and shared library patterns — for adoption across the organisation.
Author and maintain GitHub Actions reusable workflows and composite actions for org-wide adoption.
Embed security gates (SAST, DAST, SCA, secret scanning, container scanning) as default stages — squads get them without configuration.
Implement policy enforcement: required templates, branch protection, approval gates, and audit trails.

Infrastructure as Code
Design and publish Terraform modules and Bicep modules into versioned registries (Azure Artifacts / JFrog Artifactory / ACR).
Enforce secure-by-default patterns: private endpoints, managed identities, encryption at rest and in transit, tagging, and cost guardrails — baked in, not bolted on.
Write and run IaC tests using Terratest, PSRule, and Checkov integrated into CI.
Contribute to compliance-as-code: embed GDPR, PCI, and AXA-specific controls into modules so squads inherit them automatically.

Container Engineering
Container-based delivery is a strategic direction we are actively introducing across AXA UK. Container orchestration platforms are being evaluated for adoption — including OpenShift, offered through AXA Group. We are looking for engineers with hands-on container experience who can help shape our approach.
Practical experience building and working with containers: writing Dockerfiles, multi-stage builds, image management, and container security principles.
Familiarity with a container orchestration platform — such as OpenShift, Kubernetes, or equivalent — and core concepts: resource management, security contexts, networking, and deployment patterns.
Understanding of container security practices: image scanning, supply chain integrity, and policy enforcement.

Key Responsibilities

1. Design and maintain the golden path library — pipeline templates, IaC modules, container standards, and application starters — keeping them secure, current, and well-documented.
2. Own the Azure DevOps and GitHub Actions template estate — review, approve, and evolve templates in response to squad feedback and platform changes.
3. Publish and version IaC modules (Terraform and Bicep) into registries, with semantic versioning, changelogs, and deprecation policies.
4. Instrument and improve developer experience — measure adoption, time-to-deploy, and failure rates; run regular squad feedback cycles.
5. Embed security-by-default across all platform deliverables — no squad should have to configure security; it must be on by default.
6. Contribute to the introduction of new engineering capabilities — including containerisation, AI-assisted development tooling, and modern delivery patterns as they are adopted across the estate.
7. Write and maintain technical documentation in a format that engineers can self-serve from — README files, runbooks, and architecture decision records (ADRs).
8. Mentor and support Guild colleagues and squad engineers on DevOps practices, IaC patterns, and platform tooling.

Required Skills & Experience

Core Engineering Tooling
Azure DevOps — YAML pipelines, pipeline templates (extends), variable groups, environments, approvals, and library management.
GitHub Actions — reusable workflows, composite actions, workflow dispatch, environment protection rules, and OIDC-based auth.
Containers — practical experience with Dockerfiles, multi-stage builds, image management, and container security principles.
Container orchestration — familiarity with a managed orchestration platform (OpenShift, Kubernetes, or equivalent); understanding of resource management, security contexts, and deployment patterns.

Infrastructure & Cloud
Terraform — module design, state management (remote backends), workspace strategy, Terratest, Checkov / tfsec, and Terraform Cloud / Azure Backends.
Bicep — module design, registry publishing (ACR), parameter files, PSRule for Azure, and what-if deployments.
Azure — familiarity with core services: App Service, Azure Functions, Key Vault, Storage, Networking (VNets, Private Endpoints, NSGs), and Azure Monitor.

Security & Compliance
Secret management: Key Vault, managed identities, OIDC federation — no static credentials.
Policy-as-code: Azure Policy, Kyverno, OPA, and Checkov.
Supply chain security: SBOM generation, container image signing, dependency scanning.
Branch protection, required reviewers, signed commits, and audit log awareness.

Development & Collaboration
Proficiency in Python or PowerShell for tooling automation and scripting.
Git fluency: branching strategies, conventional commits, semantic versioning, and GitOps patterns.
Documentation-as-code: Markdown, ADRs, and runbooks in version control.

Desirable Skills

Experience building MCP servers or AI agent toolchains (particularly relevant to the Agentic AI Foundation workstream).
Azure AI Foundry or Azure OpenAI service.
Dynatrace or similar full-stack observability platforms.
GitHub Advanced Security (GHAS): code scanning, secret scanning, Dependabot, and security campaigns.
ArgoCD or Flux for GitOps-based deployments.
Experience working in a platform engineering or internal developer platform (IDP) team.
Azure certifications: AZ-400 (DevOps Engineer Expert), AZ-305 (Solutions Architect), or equivalent.

What Good Looks Like

Behaviour | Example
Platform thinking | "I'll build a module that 20 squads can use" not "I'll fix it for this one squad"
Security by default | Modules include private endpoints and managed identities without squads asking
Feedback-driven | Runs regular squad retros on golden path adoption; acts on findings
Docs as a first-class output | Every template ships with a README, example, and runbook
Cost-aware | Default SKUs are right-sized; tagging is enforced; FinOps dashboards are enabled
Iterative shipping | Ships v1 to one squad, learns, then scales — doesn't over-engineer upfront

Working Environment

Agile / Guild model — two-week sprints, guild ceremonies, and regular cross-squad engagement.
Tools: GitHub Enterprise, Azure DevOps, VS Code, GitHub Copilot, Terraform, Bicep, Azure CLI, PowerShell, Docker, Helm, JFrog Artifactory.
Ways of working: Documentation-first, ADRs for significant decisions, peer review for all IaC and pipeline changes, no single-person ownership of critical paths.
Collaboration: Close partnership with Security, Architecture, and individual delivery squads across the AXA UK engineering estate.