Job Summary:
We are seeking a highly experienced and technically skilled DevSecOps Technical Lead to lead the implementation and evolution of secure development and deployment practices across our organization. This role combines hands-on engineering with strategic leadership, ensuring that security is seamlessly integrated into our DevOps culture, toolchains, and cloud infrastructure.
The ideal candidate will bring a strong background in software security, automation, and modern DevOps practices, and will be able to influence architecture, culture, and process across development and operations teams.
Key Responsibilities:
Leadership & Strategy
Define and drive the organization's DevSecOps vision and roadmap.
Act as the technical authority and advisor for all security-related aspects of the CI/CD pipeline.
Collaborate with Engineering, Security, and Operations teams to embed security into all stages of the SDLC.
Champion a “security as code” mindset and lead secure software delivery practices.
Mentor DevSecOps engineers, security champions, and cross-functional stakeholders.
DevSecOps Implementation
Design and implement automated security controls and pipelines (SAST, DAST, SCA, IaC scanning, secrets detection).
Develop and enforce security guardrails, policies, and compliance requirements in CI/CD workflows.
Automate vulnerability scanning and management, and integrate remediation into development cycles.
Lead threat modeling, secure design reviews, and architecture assessments for new projects.
Cloud & Infrastructure Security
Drive secure cloud adoption strategies and implement security baselines for cloud infrastructure (Azure, Adobe, AWS), containers, and serverless functions.
Ensure compliance with industry standards (NIST, OWASP, ISO 27001, SOC 2) and regulatory requirements (e.g., GDPR, HIPAA, PCI-DSS).
Security Automation & Tooling
Evaluate and integrate cutting-edge DevSecOps tools.
Develop custom tooling where appropriate to support secure delivery and threat detection.
Establish and monitor security KPIs and SLAs across platforms.
Incident Readiness & Collaboration
Support incident response processes and contribute to forensic analysis and RCA.
Act as the bridge between security operations and development teams.
Lead or participate in security assessments, audits, and red/blue team exercises.
Required Qualifications:
8+ years of hands-on experience in DevOps, security engineering, or software development roles, with at least 4 years in a senior or lead DevSecOps role.
Strong knowledge of CI/CD platforms (GitLab CI, GitHub, Jenkins, Azure DevOps, WebSphere, WebLogic, IIS, Tomcat, Apache, MuleSoft, Maven, ANT, NPM tools, Azure Cloud, Azure Data Factory, Azure Databricks, Adobe Experience Manager, Power Apps, Power Automate, Power BI, Microsoft Fabric, Microsoft Copilot Studio experience, Infrastructure as Code, Kubernetes AKS, etc.).
Hands-on experience with security testing tools (e.g., SonarQube, Veracode, Checkmarx, Trivy, OWASP ZAP, Burp Suite).
Proficient with cloud-native security in AWS, Azure, and Adobe.
Deep understanding of container security, Kubernetes, and IaC (Terraform, Ansible, CloudFormation).
Strong scripting or development experience (Python, Bash, PowerShell, Go, etc.).
Excellent leadership, mentoring, and stakeholder management skills.
Knowledge of agile/DevOps methodologies and enterprise SDLC best practices.