DevSecOps Leader

$110,000 - $180,000/Yr

Ally Financial - Charlotte, NC

posted 8 days ago

Full-time - Mid Level
Onsite - Charlotte, NC
1,001-5,000 employees
Credit Intermediation and Related Activities

About the position

The DevSecOps Leader at Ally Financial is responsible for integrating security practices within the DevOps framework, ensuring security is embedded throughout the software development lifecycle (SDLC). This role involves leading the implementation of secure development practices, managing infrastructure security, and building automated pipelines using advanced tools and technologies. The position requires collaboration with development, operations, and security teams to maintain a robust and secure CI/CD pipeline, emphasizing security, quality, and compliance at every stage.

Responsibilities

  • Develop and execute a comprehensive DevSecOps strategy that integrates security into the CI/CD pipelines.
  • Lead and mentor DevSecOps engineers, fostering a collaborative, high-performance team environment.
  • Work closely with cross-functional teams (engineering, IT, security, etc.) to ensure alignment on security best practices.
  • Partner with Development teams to ensure coding standards are in alignment with DevOps practices with respect to Tools, Standards and Security.
  • Design, implement, and manage secure, automated CI/CD pipelines using GitLab.
  • Integrate security tools (SAST, DAST, IAST, and open-source vulnerability scanning) into pipelines to catch vulnerabilities early in the development cycle.
  • Establish security gating mechanisms for code deployments, ensuring that only secure and compliant code is promoted to production.
  • Manage and secure infrastructure using AWS services (EC2, S3, Lambda, etc.), ensuring best practices in cloud security.
  • Implement infrastructure-as-code (IaC) with Terraform to provision, manage, and secure cloud resources.
  • Use containerization technologies (e.g., Docker, Kubernetes) to build, deploy, and manage secure containerized applications.
  • Implement and manage static and dynamic code analysis tools (e.g., SAST, DAST) to continuously monitor code for vulnerabilities.
  • Perform security risk assessments, vulnerability management, and remediation of security incidents.
  • Enforce compliance policies by integrating automated compliance checks within the DevOps pipeline.
  • Provide documentation and reporting for internal and external audits.
  • Work with AI-driven DevOps tools to enhance automation, monitoring, and continuous learning for teams.
  • Deliver regular training sessions to the development, operations, and security teams to keep security awareness high.

Requirements

  • Bachelor's Degree in Computer Science, Engineering, Information Technology.
  • 5+ years of experience in DevSecOps, including hands-on experience with DevOps tools and security practices.
  • 5+ years of experience in Java, JavaScript, and Python coding.
  • Deep knowledge of CI/CD pipelines, automated deployments, and securing cloud-based applications.
  • Proficiency in GitLab, AWS, Terraform, Docker, Kubernetes, and related containerization technologies.
  • Experience with security scanning tools, such SAST, DAST, open-source, or related.
  • Familiarity with security automation and AI-driven tools in DevOps.
  • In-depth knowledge of security best practices, compliance standards, and regulatory frameworks.

Nice-to-haves

  • Experience with AI/ML-based security monitoring tools.
  • Certifications like AWS Certified Solutions Architect, Certified Kubernetes Administrator (CKA), or Certified DevSecOps Professional.
  • Familiarity with code coverage tools.

Benefits

  • 401(k) matching
  • Caregiver leave
  • Childcare
  • Dental insurance
  • Disability insurance
  • Employee assistance program
  • Employee discount programs

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service