Serve as the technical lead and subject matter expert for Software Composition Analysis (SCA)
Partner closely with the AppSec team lead and manager to execute strategy and roadmap for open-source and dependency security across the SDLC
Lead the design, configuration, and continuous optimization of SCA tooling
Drive risk-based vulnerability management for open-source dependencies
Provide guidance on prioritization, remediation approaches, and risk acceptance decisions
Define and maintain standards, guardrails, and best practices for open-source usage
Act as the primary point of contact for SCA
Collaborate with application teams, platform teams, App Sec peers, and other security stakeholders
Participate in an on-call rotation to support application security tooling
Champion a developer-first experience by improving signal quality, reducing noise
Identify, design, and implement automation and process improvements to enhance dependency visibility
Define, track, and communicate key metrics and insights related to open-source risk
Provide technical leadership and mentorship to App Sec engineers and development teams on secure dependency management
Maintain comprehensive documentation for SCA technologies, processes, and standards

Bachelor’s degree in a related field or equivalent experience
Hands-on experience deploying and operating SCA/SAST tools, including onboarding, auth setup, and CI/CD integration
Experience with additional AppSec tools (Secret Scanning, IAST, DAST, etc.)
Strong understanding of modern application development and delivery (IDEs, repos, CI/CD, cloud, containers, serverless)
Working knowledge of NIST, OWASP, and MITRE frameworks
AppSec, DevSecOps, cloud, or development certifications a plus

DevSecOps Tech Lead

Key skills