DevSecOps Leader

Ally - Raleigh, NC

posted 8 days ago

Full-time - Mid Level
Onsite - Raleigh, NC
Printing and Related Support Activities

About the position

The DevSecOps Leader at Ally Financial is responsible for integrating security practices within the DevOps framework, ensuring security is embedded throughout the software development lifecycle (SDLC). This role involves leading the implementation of secure development practices, managing infrastructure security, and building automation pipelines using advanced tools and technologies. The position requires collaboration with development, operations, and security teams to maintain a robust and secure CI/CD pipeline, emphasizing security, quality, and compliance in every step of the process.

Responsibilities

  • Develop and execute a comprehensive DevSecOps strategy that integrates security into the CI/CD pipelines
  • Lead and mentor DevSecOps engineers, fostering a collaborative, high-performance team environment
  • Work closely with cross-functional teams (engineering, IT, security, etc.) to ensure alignment on security best practices
  • Partner with Development teams to ensure coding standards are in alignment with DevOps practices with respect to Tools, Standards and Security
  • Design, implement, and manage secure, automated CI/CD pipelines using GitLab
  • Integrate security tools (SAST, DAST, IAST, and open-source vulnerability scanning) into pipelines to catch vulnerabilities early in the development cycle
  • Establish security gating mechanisms for code deployments, ensuring that only secure and compliant code is promoted to production
  • Manage and secure infrastructure using AWS services (EC2, S3, Lambda, etc.), ensuring best practices in cloud security
  • Implement infrastructure-as-code (IaC) with Terraform to provision, manage, and secure cloud resources
  • Use containerization technologies (e.g., Docker, Kubernetes) to build, deploy, and manage secure containerized applications
  • Implement and manage static and dynamic code analysis tools (e.g., SAST, DAST) to continuously monitor code for vulnerabilities
  • Perform security risk assessments, vulnerability management, and remediation of security incidents
  • Enforce compliance policies by integrating automated compliance checks within the DevOps pipeline
  • Provide documentation and reporting for internal and external audits
  • Work with AI-driven DevOps tools to enhance automation, monitoring, and continuous learning for teams
  • Deliver regular training sessions to the development, operations, and security teams to keep security awareness high

Requirements

  • Bachelor's Degree in Computer Science, Engineering, Information Technology
  • 5+ years of experience in DevSecOps, including hands-on experience with DevOps tools and security practices
  • 5+ years of experience in Java, JavaScript, and Python coding
  • Deep knowledge of CI/CD pipelines, automated deployments, and securing cloud-based applications
  • Proficiency in GitLab, AWS, Terraform, Docker, Kubernetes, and related containerization technologies
  • Experience with security scanning tools, such SAST, DAST, open-source, or related
  • Familiarity with security automation and AI-driven tools in DevOps
  • In-depth knowledge of security best practices, compliance standards, and regulatory frameworks

Nice-to-haves

  • Experience with AI/ML-based security monitoring tools
  • Certifications like AWS Certified Solutions Architect, Certified Kubernetes Administrator (CKA), or Certified DevSecOps Professional
  • Familiarity with code coverage tools

Benefits

  • Competitive holiday and flexible paid-time-off, including time off for volunteering and voting
  • Industry-leading 401K retirement savings plan with matching and company contributions
  • Student loan and 529 educational assistance programs
  • Tuition reimbursement and other financial well-being programs
  • Flexible health and insurance options including dental and vision
  • Pre-tax Health Savings Account with employer contributions
  • Total well-being program that helps you and your family stay on track physically, socially, emotionally, and financially
  • Adoption, surrogacy, and fertility support
  • Parental and caregiver leave
  • Back-up child and adult/elder day care program and childcare discounts
  • LifeMatters® Employee Assistance Program
  • Subsidized and discounted Weight Watchers® program
  • Employee discount programs

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service