DevSecOps/Vulnerability Management Lead

5 Years + • $150,000 PA - $170,000 PA
Cyber Security

Job Description

A financial firm is seeking a DevSecOps/Vulnerability Management Lead in Iselin, NJ. This role involves establishing and managing a comprehensive vulnerability management program, leading the design of secure CI/CD pipelines, and defining DevSecOps strategy. The lead will embed security controls, automate security testing, evaluate tools, and drive secure configuration management. Responsibilities also include supporting audits and mentoring on secure coding and cloud security best practices.
Must Have:
  • Currently working in vulnerability management
  • Strong DevSecOps experience
  • Python proficiency
  • Finance industry experience
  • SAST/DAST/SCA knowledge
  • Strong documentation skills
  • 5 years of hands-on experience in DevOps, Security Engineering, or DevSecOps
  • Experience designing and managing vulnerability management workflows
  • Familiarity with vulnerability scanning tools (Snyk, Tenable, Qualys, Trivy, Clair)
  • Proficient in implementing CI/CD pipelines (GitLab CI, GitHub Actions, Jenkins, CircleCI)
  • Deep understanding of cloud platforms (AWS, Azure, GCP) and cloud-native security controls
  • Expertise in scripting (Python, Bash) and infrastructure-as-code (Terraform, Ansible)
  • In-depth knowledge of application and infrastructure security, secure SDLC, and DevSecOps tooling
  • Strong knowledge of compliance and security frameworks (OWASP, NIST, CIS Benchmarks, ISO 27001)

Responsibilities:

  • Establish and manage a comprehensive vulnerability management program, including:
      • Integration of scanning tools across source code, dependencies, containers, and infrastructure.
      • Continuous discovery, prioritization, and tracking of vulnerabilities.
      • Coordinating with development and infrastructure teams for timely remediation.
      • Root cause analysis and reporting on trends and recurring issues.
  • Lead the design and implementation of secure, automated CI/CD pipelines.
  • Define and drive DevSecOps strategy in alignment with business goals and compliance standards.
  • Embed security controls and tooling (SAST, DAST, SCA, IaC scanning, etc.) into the software development lifecycle.
  • Collaborate closely with engineering, platform, and security teams to ensure scalable security architecture.
  • Automate security testing and compliance checks within CI/CD workflows.
  • Evaluate and implement security tools and platforms that support proactive risk management.
  • Drive secure configuration management and enforcement through IaC and policy-as-code.
  • Maintain awareness of emerging threats, vulnerabilities, and regulatory changes.
  • Support internal and external audits, ensuring alignment with compliance frameworks (e.g., ISO 27001, SOC 2, GDPR).
  • Provide technical mentoring and guidance on secure coding, cloud security, and DevSecOps best practices.

Qualifications:

  • 5 years of hands-on experience in DevOps, Security Engineering, or DevSecOps.
  • Strong experience designing and managing vulnerability management workflows, ideally across multi-cloud and containerized environments.
  • Familiarity with vulnerability scanning tools and platforms (e.g., Snyk, Tenable, Qualys, Trivy, Clair, etc.).
  • Proficient in implementing CI/CD pipelines with tools such as GitLab CI, GitHub Actions, Jenkins, CircleCI.
  • Deep understanding of cloud platforms (AWS, Azure, or GCP) and cloud-native security controls.
  • Expertise in scripting (e.g., Python, Bash) and infrastructure-as-code (Terraform, Ansible).
  • In-depth knowledge of application and infrastructure security, secure SDLC, and DevSecOps tooling.
  • Strong knowledge of compliance and security frameworks: OWASP, NIST, CIS Benchmarks, ISO 27001.
  • Excellent communication skills and ability to work across technical and non-technical stakeholders.
  • Proven ability to lead cross-functional security initiatives and mentor engineers.

Set alerts for new jobs by Open Systems Technologies
