About the Role
We are seeking a DevSecOps Architect to lead the integration of security practices into the software development lifecycle (SDLC) through a Shift Left strategy and Secure by Design principles. This role will be pivotal in transforming how our engineering and security teams collaborate, ensuring security is baked in from the first line of code to deployment and beyond.
You’ll work cross-functionally with development, cloud engineering, platform security, and governance teams to design and implement scalable, automated, and developer-friendly security solutions.
Key Responsibilities
🔹 Strategy & Architecture
Design and drive the implementation of a DevSecOps architecture and roadmap, aligned with Shift Left and Secure by Design goals.Define and evangelize security reference architectures, patterns, and guardrails for modern application development (microservices, APIs, containers, serverless, etc.).Evaluate and select best-in-class tools for static and dynamic analysis, container scanning, SBOM, secrets detection, and IaC security.🔹 People & Enablement
Serve as a security advocate and trusted advisor for developers, product owners, and SREs.Build a developer-centric security culture through enablement, office hours, and targeted secure coding workshops.Create role-specific learning paths and work with L&D teams to deliver security training tailored for developers, testers, and DevOps engineers.🔹 Process Integration
Embed security checkpoints in Agile/DevOps pipelines, CI/CD workflows, and SDLC ceremonies.Establish automated security gates in CI/CD processes without impacting velocity.Define and continuously improve security SLAs and feedback loops based on metrics and lessons learned from incidents.🔹 Tooling & Automation
Incorporate and automate SAST, DAST, SCA, container scanning, IaC scanning, and secret detection tools within developer toolchains and CI/CD pipelines.
Drive adoption of Security as Code, including policies (OPA/Rego), Infrastructure as Code scanning, and automated remediation playbooks.Build centralized visibility through dashboards and metrics for leadership on vulnerabilities, remediations, and coverage.Expected Business Outcomes
Reduced Security VulnerabilitiesFaster Software DeliveryFewer EscalationsImproved ComplianceCost SavingsRequired Qualifications
7+ years in software security, DevSecOps, or application architecture roles, with 3+ years in a lead or architecture role.Proven success implementing Shift Left security practices and Secure by Design principles at scale.Deep understanding of modern SDLCs, Agile methodologies, and DevOps culture.Hands-on experience with CI/CD platforms (GitHub Actions, GitLab CI, Jenkins, Azure and AWS DevOps, etc.).Experience integrating and operating tools such as:SAST: Checkmarx, Veracode, SonarQubeDAST: OWASP ZAP, Burp Suite ProSCA: Snyk, Black Duck, MendSecrets Detection: GitGuardian, TruffleHogContainer/IaC Security: Prisma Cloud, Aqua, Sysdig, CheckovKnowledge of threat modeling (e.g., STRIDE, PASTA) and secure software development frameworks (e.g., BSIMM, OWASP SAMM).Experience with cloud-native architectures (AWS, Azure, GCP) and Kubernetes security best practices.Preferred Qualifications
Certifications: CSSLP, GIAC GWAPT/GDSA, CISSP, or AWS/GCP security certifications.Experience designing governance frameworks for product security at scale.Familiarity with zero trust principles and how they relate to application and cloud security.Experience working in regulated environments (e.g., healthcare, financial services, government).