Responsibilities
- Establish and enforce organization-wide DevSecOps policies, frameworks, and security controls.
- Create and maintain automated CI/CD pipelines with embedded security testing, including static, dynamic, and software composition analysis, infrastructure-as-code scanning, and container security.
- Develop and deploy cloud-native security platforms and tooling tailored to modern architectures.
- Lead security evaluations, audits, and threat modeling exercises for critical systems and initiatives.
- Serve as a security advisor to development teams, promoting secure coding, vulnerability management, and cloud security standards.
- Automate compliance validation and governance processes to support scalable operations.
- Manage end-to-end security incident response, including root cause analysis, corrective actions, postmortem reviews, and system hardening.
- Provide technical leadership and mentorship to DevOps and DevSecOps practitioners.
- Promote efficiency by advancing automation and reducing manual effort in security processes.
- Conduct periodic vulnerability assessments and oversee timely remediation of identified risks.
- Ensure client systems adhere to industry and regulatory standards such as NIST, ISO, SOC 2, PCI DSS, and GDPR.
- Support the development and deployment of security monitoring tools and assist in incident response activities.
- Collaborate with engineering, operations, and security teams to integrate security into the software lifecycle.
