Change & Release Management Engineer

Category:

Information Technology

Employment Type:

Contract

Reference:

BH-382320

Change & Release Management Engineer
12+ month contract
Plano, TX (onsite 4 days a week)

Requirements

• Education Level: Bachelor's Degree Required
• 10 years of relevant work experience is required in addition to the required work experience.
• ITIL Certification (version 3 or 4) is preferred.
• Strong understanding of ITIL best practices.
• JIRA Service Management and ServiceNow = Required, 5 year a minimum.

• Demonstrated experience in IT operations and IT Service Management position
• Proven experience with IT Service Management, and ITIL practices, with practitioner certification in Incident, Change, Release, and Problem Management preferable
• Knowledge of deployment and implementation methodologies (Agile, CI/CD, Blue/Green, Canary) of related technical change management experience
• Experience in project management and knowledge of approaches, tools, and phases of the project lifecycle.
• Solid understanding of the software development lifecycle
• Understanding of configuration management principles
• Automate with CI/CD: Use CI/CD pipelines for provisioning and configuration management to eliminate manual processes. Tools like Terraform (for Infrastructure as Code) and Ansible (for configuration management) allow you to define, provision, and configure environments in code, ensuring consistency across environments and facilitating repeatability.
• Audit Current Environment Setup: Perform a baseline audit of your current environments, configurations, and processes. Use automated tools like Terraforms validate and Ansibles dry-run capabilities to identify inconsistencies, inefficiencies, or unnecessary complexity.
• Automated Risk Assessment: Use tools like OWASP Dependency-Check for identifying risks in software dependencies and automated vulnerability scanners (e.g., Snyk) for assessing security issues.
• Gap Analysis: Compare your current practices against industry standards using frameworks like CMMI or COBIT to ensure alignment with best practices, focusing on areas that will deliver the most value with minimal effort.
• Role-Based Access Control (RBAC): Implement RBAC through automation. Tools like HashiCorp Vault for secrets management or AWS IAM/Azure AD for access management can automate and enforce access controls based on roles and responsibilities. Define roles at the level of environment, user groups, and data access to prevent over-privilege.
• Least Privilege Principle: Ensure that access is granted based on necessity, limiting access rights to only what's required for users or systems to perform their tasks. Use tools that integrate with your CI/CD pipeline to dynamically provision and revoke access based on deployment contexts.
• Self-Service Access Requests: Enable a self-service model where users can request access or approval to environments through a controlled, automated workflow that logs all access requests for transparency (e.g., Okta, Azure AD with approval workflows).
• Anonymize or Use Synthetic Data: For lower environments, anonymize sensitive data or use synthetic test data. Leverage tools like DataMasker or Redgate Data Generator for automating data anonymization. This ensures compliance with data protection regulations (GDPR, CCPA) while maintaining realistic test conditions.
• Automated Data Refresh: Create automated scripts that can refresh data on-demand after every environment update. This can be integrated into your CI/CD pipeline to ensure that each time an environment is spun up, it contains the latest test data (either fresh or anonymized).
• Data Quality Monitoring: Use automated tools that can check the integrity of test data sets, ensuring they meet the necessary quality standards before being used in testing.
• Lightweight Change Control: Adopt a "lean" change management process by focusing on changes that impact stability, security, and compliance. Leverage GitOps principles, where all changes are made declaratively and reviewed via pull requests (PRs), and only changes to the environment infrastructure need approval.
• Automate Approvals: Use automated workflows for approvals (e.g., Jira or ServiceNow integrations). This reduces the overhead of manual reviews and speeds up decision-making. Ensure the automation tracks all approvals to ensure compliance.
• Continuous Deployment with Gateways: Integrate environment-specific gates (e.g., tests, approvals) into your CI/CD pipeline that require certain conditions (e.g., successful automated tests, security scans) before changes can be deployed. This ensures stability while maintaining speed.
• Centralized Monitoring and Alerts: Use existing tools like Datadog, Prometheus, and Grafana to aggregate logs and metrics across lower environments. Set up automated alerts for key performance indicators (KPIs) related to environment health, deployments, and test results.
• Continuous Feedback: Implement automated feedback loops that alert QA and development teams immediately when environment issues or failures occur, allowing for quick resolution. Use tools like Slack or MS Teams integrations for real-time notifications of monitoring data.
• Automated Backups: Set up automated backup processes for critical configurations and data using tools like AWS Backup, Azure Backup, or Bacula. Implement retention policies based on business needs.
• Disaster Recovery Testing: Automate the recovery process by integrating backup recovery tests into your CI/CD pipeline. This ensures that the process is tested regularly, and recovery steps are documented and automated.
• Cloud-based Redundancy: If applicable, leverage cloud-native features like AWS Availability Zones or Azure Regions to minimize downtime in case of failure, keeping the recovery process lean and reliable.
  Shift Left on Quality: Incorporate shift-left testing practices where automated testing is integrated into earlier stages of the pipeline, reducing the need for manual intervention and improving efficiency.
• Documentation Automation: Use tools like MkDocs or Swagger/OpenAPI to automate the generation of documentation based on your configurations and code. This minimizes overhead while ensuring that documentation stays up-to-date with the latest changes.
• Environment as Code: Fully embrace the concept of environment as code. With tools like Kubernetes and Docker, you can define your environments in configuration files that are part of your source control, ensuring they are versioned and fully reproducible.
• Work to ensure our ITSM practices around key areas such as Change, and Release Management are consistently being followed and processes run smoothly and effectively.
• Work to further develop, modify, and optimize our existing Service Management Practices as appropriate.
• Collaborate with business and IT stakeholders to ensure smooth and reliable delivery of software and systems to fulfill business objectives, support business processes, and ensure business continuity.
• Assist the Program/Project Manager and development teams across multiple workstreams in planning, maintaining Forward Schedule Release Calendar, and timely communication of release schedules, artifacts, and status to all stakeholders.
• Conduct release readiness reviews, and milestone reviews, lead and coordinate the go-live activities including the execution of the deployment plans and checklists
• Ensure that the organization's release controls are documented and well understood by development teams and support teams
• Ensure that all changes are managed in a controlled manner, including standard, normal, and emergency maintenance relating to business processes, applications, and infrastructure
• Participate/Chair the Change Advisory Board (CAB) and ensure the CAB has the information needed to evaluate changes Providing oversight of expedited and emergency changes, ensuring the correct escalation path is followed
• Evaluate all requests for change (RFCs) to determine the impact on business processes and IT services, and to assess whether change will adversely affect the operational environment and introduce unacceptable risk
• Ensure that changes are logged, prioritized, categorized, assessed, authorized, planned, and scheduled, and are introduced in a controlled and coordinated manner
• Ensure all P1 incidents and selected P2 incidents are resolved appropriately and forwarded through the appropriate problem management process as required
• Coordinating Post Change reviews with the change owners as necessary, feeding any follow-up actions into the Problem Management / Root Cause Analysis (RCA) processes