Title: DevSecOps Program Lead
Location: NYC (Hybrid, 3 days onsite)
Type: FTE, Direct Hire
Base Salary Range: Up to $260k
As the DevSecOps Program Leader, you will be responsible for developing and executing a strategic vision for DevSecOps adoption across the enterprise. You will establish the processes, standards, and tooling that make up a Secure Software Development Life Cycle (S-SDLC). The role involves close collaboration with the Security, DevOps and Engineering teams to build a culture that integrates security into every step of the development pipeline.
This is an individual contributor, thought-leader position aligned to the Security vertical within the organisation. It requires balancing hands-on technical expertise with the ability to think strategically and set long-term organizational goals.
Key Responsibilities:
- DevSecOps Framework: Collaborate with Security/DevOps/Engineering teams to design, implement, and manage a robust DevSecOps framework that integrates security tools and processes into our CI/CD workflows, improving both security and developer efficiency.
- Security Leadership: Foster a security-first culture by guiding the development teams in secure coding practices and development methodologies. Advocate for secure development principles and ensure they are embedded across all projects.
- Policy and Standard Creation: Establish enterprise-wide DevSecOps policies and standards. Conduct regular training and awareness programs to ensure all team members understand and apply best security practices.
- Risk Management: Develop Key Risk Indicators (KRIs) to monitor security health across various business units. Track progress, identify risks, and take corrective action where necessary.
- Security Tooling: Implement and manage security testing tools within the CI/CD pipeline, including static and dynamic application security testing (SAST, DAST), software composition analysis (SCA), and open-source security tools to ensure comprehensive vulnerability management.
- Automation and Compliance: Collaborate with Engineering to automate security controls and compliance checks in the development pipeline, ensuring the adoption of industry standards and regulatory compliance across all systems.
- Issue Resolution: Act as the primary point of contact for troubleshooting and resolving security issues throughout the software development lifecycle, ensuring timely and effective resolution.
- Continuous Improvement: Stay updated on emerging security threats, vulnerabilities, and best practices, using this knowledge to refine our security posture and enhance the effectiveness of DevSecOps practices.