DevOps SRE -GitHub (L3/L4)

About Us:

ALOIS is a trusted staffing partner across Australia & NZ, managing 250+ consultants and supporting several major multinational clients. Our 75,000+ strong IT talent network and fast delivery model enable us to meet hiring needs with precision and efficiency.

From Sydney to Perth and everywhere in between, we’re driven by one purpose: to empower Australian businesses and professionals to thrive in a rapidly changing world of work. At ALOIS Australia, every challenge is an opportunity to innovate, and every partnership is built on trust, transparency, and long-term success.

Job Title – DevOps SRE -GitHub (L3/L4)

Job Location – Sydney

Experience – 10+ Years

Employment Type – Contract

Work Authorization: Applicants must have valid working rights in Australia. (Visa sponsorship is not available for this role)

What role you will play in Team:

We’re seeking a highly skilled and security-focused GitHub Subject Matter Expert (SME) to drive the modernization and secure consolidation of our code repositories onto the strategic GitHub Enterprise Cloud platform. This role is central to enforcing enterprise-level security standards, implementing modern identity management, and ensuring robust governance across our entire development ecosystem.

The SME will serve as the top technical authority on GitHub architecture, policy enforcement, and complex integrations, transforming our development practices to align with DevSecOps best practices.

Key Responsibilities and Deliverables

The SME will lead and execute initiatives across four critical areas, directly impacting developer productivity and organizational security:

1. Enterprise Identity and Access Management (IAM):

• EMU Implementation: Design and implement the migration from existing Single Sign-On (SSO) to Enterprise Managed Users (EMU) to centralize user lifecycle management and enforce corporate identity standards.

• IdP Integration: Serve as the technical lead for integrating GitHub Enterprise Cloud with our Identity Provider (IdP) (e.g., Azure AD/Google Workspace) for seamless SSO and Multi-Factor Authentication (MFA).

• RBAC and Policy: Define, implement, and enforce a Role-Based Access Control (RBAC) model founded on the principle of least privilege across all GitHub Organizations.

• Token Governance: Overhaul and formalize the Personal Access Token (PAT) policy, implementing short-lived expiry dates and fine-grained permissions for both human and service accounts.

2. Repository Migration and CMDB Integration

• Discovery & Migration: Identify, catalogue, and prepare all code repositories across the Woolworths Group for migration to GitHub, ensuring no code is left behind.

• CMDB Synchronization: Integrate the GitHub repository catalogue with the central Configuration Management Database (CMDB), automating the synchronization of metadata (e.g., repository owner) for real-time visibility and reporting.

3. Code Security and Secret Management:

• Secret Scanning: Implement and manage GitHub Secret Scanning across all repositories to identify and triage embedded secrets (API keys, passwords).

• Proactive Protection: Review Push Protection globally across all GitHub repositories to proactively block new secrets from being committed to code history.

• Vulnerability Management: Systematically analyze secret findings, prioritize remediation efforts based on vulnerability and risk, and formalize the migration of all active secrets into an approved vaulting solution.

4. API Security and Incident Response

• API Security Review: Lead a security review of our API utilization and exposure across platforms like Apigee, Microsoft Graph, and Azure API Gateway, using CodeQL to analyze usage patterns and potential vulnerabilities in the code.

• Incident Activity: Perform in-depth security code reviews to remediate identified issues and quickly identify repositories affected by security incidents, prioritizing those that are externally facing.

Required Skills and Qualifications:

Technical and Analytical Expertise (Must-Haves)

• Deep GitHub Administration: Extensive, hands-on experience managing and governing GitHub Enterprise Cloud environments, including organization and enterprise-level settings.

• Identity & Access Management: Proven expertise in SAML SSO, SCIM, and IdP integration (e.g., Azure AD/Google Workspace). Experience with the entire EMU setup and migration lifecycle

• DevSecOps Automation: Strong scripting skills (e.g., Python, Bash) and experience with GitHub Actions/Workflows to automate security policies, repository metadata updates (CMDB integration), and remediation tasks.

• API Security: Strong understanding of API security principles (OAuth, scopes, token usage) and experience reviewing code that integrates with major platforms (Apigee, Microsoft Graph).

Good to have

• Azure devops admin experience

Soft Skills and Certifications:

• Analytical Rigor: Exceptional analytical skills with the ability to translate complex security findings (CodeQL results) into prioritized, actionable technical remediation plans.

• Communication: Excellent verbal and written communication skills, capable of articulating complex security risks to both technical engineers and executive stakeholders.

Certification (mandatory): GitHub Certified Administrator or equivalent enterprise security certification (e.g., related to cloud security or identity management).

Stay Connected with us:

Learn more about ALOIS in Australia, visit our webpage ALOIS Australia

Follow us on LinkedIn and Instagram

EEO Statement:

ALOIS Australia is committed to fostering a diverse and inclusive workplace. We provide equal employment opportunities to all qualified applicants and do not discriminate on the basis of race, colour, religion, sex, age, national origin, disability, or any other characteristic protected under applicable laws. We value diversity and believe it strengthens our people, our culture, and the outcomes we deliver.