Photon - Parsippany-Troy Hills, NJ

posted 3 months ago

Full-time - Senior
Parsippany-Troy Hills, NJ
Professional, Scientific, and Technical Services

About the position

We are seeking a highly skilled and experienced DevSecOps Lead to spearhead the integration of security into our DevOps processes for a global digital platform. The ideal candidate will have a deep understanding of both development and security best practices, and will play a crucial role in ensuring that our platform is secure, scalable, and compliant with global standards. This role involves close collaboration with development, operations, and security teams to embed security throughout the software development lifecycle.

In this position, you will lead the design, implementation, and management of DevSecOps practices across the global digital platform, ensuring that security is integrated into every phase of the software development lifecycle. You will develop and implement security automation tools and processes to streamline security testing, monitoring, and compliance checks within CI/CD pipelines. Regular security risk assessments, vulnerability scanning, and threat modeling will be part of your responsibilities to identify and mitigate potential security risks across the platform. You will ensure that the platform complies with global security standards, regulations, and best practices, such as GDPR, ISO 27001, and others relevant to the regions of operation.

Collaboration with development, operations, and security teams will be essential to foster a culture of security awareness and ensure that all team members are trained on secure coding and DevSecOps practices. Additionally, you will implement continuous monitoring tools and processes to detect, respond to, and recover from security incidents, ensuring minimal disruption to the platform. Integrating security tools and solutions (e.g., SAST, DAST, SIEM, WAF) into the DevOps pipeline will be a key part of your role, ensuring that security is an integral part of the development and deployment process.

You will also optimize the DevSecOps processes to enhance efficiency without compromising security, ensuring that the platform remains fast, reliable, and secure. Documentation and reporting on security metrics and improvements to senior management will be required, along with staying updated on the latest DevSecOps trends, tools, and best practices to continuously improve the security posture of the platform.

Responsibilities

  • Lead the design, implementation, and management of DevSecOps practices across the global digital platform.
  • Develop and implement security automation tools and processes to streamline security testing, monitoring, and compliance checks within CI/CD pipelines.
  • Conduct regular security risk assessments, vulnerability scanning, and threat modeling to identify and mitigate potential security risks across the platform.
  • Ensure that the platform complies with global security standards, regulations, and best practices, such as GDPR, ISO 27001, and others relevant to the regions of operation.
  • Work closely with development, operations, and security teams to foster a culture of security awareness and ensure that all team members are trained on secure coding and DevSecOps practices.
  • Implement continuous monitoring tools and processes to detect, respond to, and recover from security incidents, ensuring minimal disruption to the platform.
  • Integrate security tools and solutions (e.g., SAST, DAST, SIEM, WAF) into the DevOps pipeline, ensuring that security is an integral part of the development and deployment process.
  • Optimize the DevSecOps processes to enhance efficiency without compromising security, ensuring that the platform remains fast, reliable, and secure.
  • Create and maintain comprehensive documentation for DevSecOps processes, tools, and incident response plans.
  • Regularly report on security metrics and improvements to senior management.
  • Stay updated on the latest DevSecOps trends, tools, and best practices, continuously improving the security posture of the platform.

Requirements

  • Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
  • A Master's degree is a plus.
  • Minimum of 7-10 years of experience in IT, with at least 3-5 years in a DevSecOps or similar security-focused role.
  • Strong knowledge of DevSecOps practices, including secure coding, CI/CD pipelines, automation tools, and cloud security.
  • Proficiency with tools such as Jenkins, Docker, Kubernetes, Terraform, Ansible, etc.
  • Expertise in security best practices, including vulnerability management, threat modeling, and incident response.
  • Familiarity with security frameworks and standards (e.g., NIST, OWASP, CIS).
  • Experience with securing cloud environments (AWS, Azure, Google Cloud) and integrating cloud security tools and practices.
  • Strong analytical and problem-solving skills, with the ability to assess complex security challenges and implement effective solutions.
  • Excellent communication and collaboration skills, with the ability to work effectively with cross-functional teams and explain security concepts to non-technical stakeholders.