Lead the design and execution of enterprise-wide Software Composition Analysis (SCA) and software supply chain security strategy across all applications and platforms.
Own end-to-end open-source risk management, including vulnerability detection, prioritization, and remediation of third-party dependencies.
Define and enforce security policies aligned with industry standards such as OWASP and the NIST Secure Software Development Framework (SSDF, SP 800-218), ensuring secure software development practices.
Integrate SCA tooling into CI/CD pipelines and developer workflows to enable automated, shift-left security controls.
Drive implementation and adoption of Software Bill of Materials (SBOM) standards (e.g., SPDX, CycloneDX) for full visibility into direct and transitive dependencies.
Secure the software supply chain by implementing controls for artifact integrity (checksums and lockfiles), build provenance, and signed builds.
Lead response and mitigation efforts for critical supply chain vulnerabilities, ensuring rapid impact analysis (which applications consume the affected component and version) and remediation.
Establish governance over artifact repositories and package registries, enforcing version control, trusted sources, and secure publishing practices.
Define and track key security metrics (e.g., open vulnerable-dependency counts by severity, time to remediate) and present insights to senior leadership.
Mentor a team of security engineers while partnering with engineering, DevOps, and product teams to drive scalable, developer-friendly security solutions.
Requirements
Bachelor’s degree in a related field or equivalent experience
Hands-on experience deploying and operating SCA/SAST tools, including repository onboarding, authentication setup, and CI/CD integration
Experience with additional AppSec tools (secret scanning, IAST, DAST, etc.)
Strong understanding of modern application development and delivery (IDEs, repos, CI/CD, cloud, containers, serverless)
Working knowledge of NIST, OWASP, and MITRE (e.g., CWE, ATT&CK) frameworks
AppSec, DevSecOps, cloud, or development certifications are a plus