About the job: Technical DevSecOps Lead
We are looking for a skilled and proactive Technical DevSecOps Lead to lead our company's efforts to deliver secure software and automate infrastructure. The ideal candidate will have deep technical knowledge of development, security, and operations, and will be able to ensure that security is part of every step of the software development lifecycle. As the DevSecOps Lead, you will design, build, and maintain systems that are scalable, secure, and always available. You will also mentor a high-performing team and work with people from different departments.
Most Important Tasks:
Be in charge of designing, building, and improving secure CI/CD pipelines, infrastructure as code, and automated deployment processes.
Add security controls and best practices to every step of the software development lifecycle (SDLC).
Work closely with the development, IT, and security teams to make sure that DevSecOps strategies fit with business goals and rules.
Lead and mentor a group of DevSecOps engineers, encouraging a culture of innovation, constant improvement, and technical excellence.
Perform threat modeling, vulnerability assessments, and risk analysis across all applications and cloud infrastructure.
Make sure that cloud infrastructure management (AWS, Azure, GCP) is scalable, reliable, and secure.
Define and enforce policies for secure coding, containerization, and secrets management.
Automate the processes for compliance checking, auditing, and reporting.
Research, test, and adopt new tools and technologies to improve security, efficiency, and scalability.
Prepare and present regular reports to senior leadership on the state of DevSecOps, its risks, and its metrics.
Required Skills:
A bachelor's degree in computer science, information security, engineering, or a related field is required (a master's degree is preferred).
7 or more years of experience in DevOps, DevSecOps, or a similar field, with at least 2 years in a leadership role in technology.
Extensive experience with CI/CD tools like Jenkins, GitLab CI, and CircleCI, infrastructure as code tools like Terraform and CloudFormation, and container orchestration tools like Kubernetes and Docker.
Extensive experience with cloud security and administration (AWS, Azure, or GCP).
Ability to write scripts in languages like Python, Bash, PowerShell, or similar.
Experience using automated security testing tools (like Snyk, SonarQube, and Prisma Cloud) and managing application security and vulnerabilities.
Strong project management, communication, and leadership skills.
A deep understanding of regulatory frameworks and standards such as NIST, SOC 2, and ISO 27001.
Preferred Skills:
Certifications such as AWS Certified DevOps Engineer, Certified Kubernetes Security Specialist (CKS), CISSP, or similar.
Knowledge of security for microservices and serverless architectures.
Knowledge of SIEM solutions and incident response.
Experience in highly regulated industries, like finance and healthcare.
Pay and benefits:
Hourly pay: $75 to $110 (depending on experience)
Full coverage for medical, dental, and vision care; a 401(k) plan with company match
Paid time off (PTO) and company holidays
Remote work and flexible work hours
Paid professional development and certification
Employee Assistance Program (EAP)
An inclusive, innovative, and fast-paced work culture
Regular performance reviews and opportunities for advancement