DevSecOps Leader

Ally Financial - Charlotte, NC

posted 9 days ago

Full-time - Senior
Onsite - Charlotte, NC
Credit Intermediation and Related Activities

About the position

The DevSecOps Leader at Ally Financial is responsible for integrating security practices within the DevOps framework, ensuring security is embedded throughout the software development lifecycle (SDLC). This role involves leading the implementation of secure development practices, managing infrastructure security, and building automation pipelines using advanced tools and technologies. The leader will collaborate with development, operations, and security teams to maintain a robust CI/CD pipeline that prioritizes security, quality, and compliance.

Responsibilities

  • Develop and execute a comprehensive DevSecOps strategy that integrates security into the CI/CD pipelines
  • Lead and mentor DevSecOps engineers, fostering a collaborative, high-performance team environment
  • Work closely with cross-functional teams (engineering, IT, security, etc.) to ensure alignment on security best practices
  • Partner with Development teams to ensure coding standards are in alignment with DevOps practices with respect to Tools, Standards and Security
  • Design, implement, and manage secure, automated CI/CD pipelines using GitLab
  • Integrate security tools (SAST, DAST, IAST, and open-source vulnerability scanning) into pipelines to catch vulnerabilities early in the development cycle
  • Establish security gating mechanisms for code deployments, ensuring that only secure and compliant code is promoted to production
  • Manage and secure infrastructure using AWS services (EC2, S3, Lambda, etc.), ensuring best practices in cloud security
  • Implement infrastructure-as-code (IaC) with Terraform to provision, manage, and secure cloud resources
  • Use containerization technologies (e.g., Docker, Kubernetes) to build, deploy, and manage secure containerized applications
  • Implement and manage static and dynamic code analysis tools (e.g., SAST, DAST) to continuously monitor code for vulnerabilities
  • Perform security risk assessments, vulnerability management, and remediation of security incidents
  • Enforce compliance policies by integrating automated compliance checks within the DevOps pipeline
  • Provide documentation and reporting for internal and external audits
  • Work with AI-driven DevOps tools to enhance automation, monitoring, and continuous learning for teams
  • Deliver regular training sessions to the development, operations, and security teams to keep security awareness high

Requirements

  • Bachelor's Degree in Computer Science, Engineering, Information Technology
  • 5+ years of experience in DevSecOps, including hands-on experience with DevOps tools and security practices
  • 5+ years of experience in Java, JavaScript, and Python coding
  • Deep knowledge of CI/CD pipelines, automated deployments, and securing cloud-based applications
  • Proficiency in GitLab, AWS, Terraform, Docker, Kubernetes, and related containerization technologies
  • Experience with security scanning tools, such SAST, DAST, open-source, or related
  • Familiarity with security automation and AI-driven tools in DevOps
  • In-depth knowledge of security best practices, compliance standards, and regulatory frameworks

Nice-to-haves

  • Experience with AI/ML-based security monitoring tools
  • Certifications like AWS Certified Solutions Architect, Certified Kubernetes Administrator (CKA), or Certified DevSecOps Professional
  • Familiarity with code coverage tools

Benefits

  • 11 paid holidays
  • 20 paid time off days
  • 8 hours of volunteer time off
  • 401K retirement savings plan with matching and company contributions
  • Student loan pay downs and 529 educational save up assistance programs
  • Tuition reimbursement
  • Employee stock purchase plan
  • Flexible health and insurance options including medical, dental and vision
  • Employee, spouse and child life insurance
  • Short- and long-term disability
  • Pre-tax Health Savings Account with employer contributions
  • Healthcare FSA
  • Critical illness, accident & hospital indemnity insurance
  • Total well-being program
  • Adoption, surrogacy and fertility assistance
  • Paid parental and caregiver leave
  • Dependent Day Care FSA
  • Childcare discounts
  • Mentally Fit Employee Assistance Program
  • Subsidized and discounted Weight Watchers® program
  • Travel allowances
  • Relocation assistance
  • Signing bonus
  • Equity

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service