
DevSecOps Lead
Posted Jun 21

This is a fully remote position, open to applicants in New York.
• Take ownership of the roadmap for secure SDLC controls and collaborate with Engineering and Product teams to implement standards that are practical, scalable, and auditable.
• Create and sustain secure development policies, implementation standards, and guidance for engineering teams.
• Propel the adoption of essential controls across repositories and pipelines, including branch protection, pull request requirements, code reviews, secrets scanning, dependency scanning, infrastructure-as-code scanning, and container image scanning.
• Collaborate with Engineering and Product teams to embed security guardrails into CI/CD workflows and developer tools.
• Assist in vulnerability management operations, covering intake, triage, remediation tracking, verification, and reporting.
• Develop reference implementations, templates, and onboarding guidance to enable teams to consistently adopt secure practices.
• Define and track metrics such as control coverage, vulnerability aging, SLA performance, and remediation progress.
• Prepare documentation and evidence that is ready for audits, demonstrating that controls are effectively implemented and operational.
• Assess and prioritize future enhancements, including SAST, DAST, SBOM generation, image signing, and broader improvements to software supply chain security.
• Over 6 years of experience in DevSecOps, security engineering, application security, cloud security, or DevOps.
• Proven experience in building or enhancing Secure SDLC, CI/CD security, or vulnerability management programs in contemporary engineering environments.
• Understanding of Git-based workflows, CI/CD systems, cloud-native development, containers, and repository security controls.
• Experience in implementing or governing controls such as branch protection, code reviews, secrets scanning, SAST, SCA, infrastructure-as-code scanning, or container scanning.
• Ability to translate security requirements into clear standards and practical implementation plans that engineering teams can act on.
• Comfortable influencing stakeholders across Security, Engineering, and leadership levels.
• Familiarity with GitHub Enterprise, GitHub Actions, Jenkins, or similar platforms is preferred.
• Experience in supporting SOC 2, audit readiness, or customer assurance initiatives is preferred.
• Knowledge of software supply chain security concepts such as SBOMs, image signing, and artifact integrity is preferred.
• Flexible work hours
• Flexible vacation
• Generous 401K match
• Parental leave
• Team events
• Wellness budget
• Learning reimbursement