DevSecOps Architect

This is a fully remote position, open to applicants in Virginia.

📋 Description

• Spearhead the advancement of the software delivery lifecycle by integrating security at every phase of the CI/CD pipeline.

• Design and uphold automated CI/CD pipelines that leverage AI/ML models for both static and dynamic analysis (SAST/DAST) to uncover intricate vulnerabilities overlooked by conventional rule-based tools.

• Create security frameworks for the comprehensive AI lifecycle, encompassing data ingestion security, model weights protection, and the implementation of 'Guardrail' architectures for Large Language Models (LLMs).

• Develop AI-driven orchestration (SOAR) to automate the triage and resolution of security findings, thereby minimizing manual workload for engineering teams.

• Implement governance across the enterprise utilizing tools like Open Policy Agent (OPA) to automatically enforce security compliance in multi-cloud environments.

• Perform advanced threat modeling for cloud-native applications, specifically addressing AI-related attack vectors such as model inversion or data poisoning.

• Build self-service security tools and 'Golden Paths' that enable developers to deploy securely with minimal friction, promoting a proactive security culture.

• Achieve 90% automated security coverage for all production-bound code.

• Employ AI to decrease vulnerability remediation time by 40% within the first year.

⛳️ Requirements

• A degree from an accredited College/University in a relevant field is mandatory.

• Over 10 years of IT experience, including more than 5 years focused on DevSecOps leadership in high-scale environments.

• Demonstrated success in applying AI/ML to address operational or security issues.

• Expert-level proficiency with Kubernetes, Terraform/Pulumi, and cloud platforms (AWS, Azure, or GCP).

• Mastery in integrating SAST, DAST, SCA, and Secret Scanning into GitHub Actions, GitLab CI, or Jenkins.

• Practical experience in securing MLOps pipelines and implementing security protocols for AI-integrated APIs.

• Proficiency in Python, Go, or Bash for developing custom security automation and AI-oriented scripts.

• Extensive knowledge of eBPF, Prometheus, and AI-enhanced logging/monitoring tools (e.g., Dynatrace or Datadog).

• Strong capability to connect the 'Speed of DevOps' with the 'Rigors of Security' while effectively communicating with executive leadership.

• Exceptional communication skills.

🏝️ Benefits

• Must successfully pass a drug screening, criminal history check, and credit checks.

• Must be a US Citizen or possess permanent residency status (Green Card).

• Must be able to obtain a Position of Public Trust Clearance.