Key skills
CloudJenkinsSDLCGitHub ActionsGitGitHubRepositoryCI/CDLeadershipCloud Security
About this role
Role Overview
- Own the roadmap for secure SDLC controls and partner with Engineering and Product to roll out standards that are practical, scalable, and auditable.
- Develop and maintain secure development policies, implementation standards, and guidance for engineering teams.
- Drive adoption of key controls across repositories and pipelines, including branch protection, pull request requirements, code review, secrets scanning, dependency scanning, infrastructure-as-code scanning, and container image scanning.
- Partner with Engineering and Product teams to integrate security guardrails into CI/CD workflows and developer tooling.
- Support vulnerability management operations, including intake, triage, remediation tracking, verification, and reporting.
- Build reference implementations, templates, and onboarding guidance to help teams adopt secure patterns consistently.
- Define and report on metrics such as control coverage, vulnerability aging, SLA performance, and remediation progress.
- Prepare audit-ready documentation and evidence that demonstrates controls are implemented and operating effectively.
- Evaluate and prioritize future enhancements such as SAST, DAST, SBOM generation, image signing, and broader software supply chain security improvements.
Requirements
- 6+ years of experience in DevSecOps, security engineering, application security, cloud security, or DevOps
- Experience building or improving Secure SDLC, CI/CD security, or vulnerability management programs in modern engineering environments
- Understand Git-based workflows, CI/CD systems, cloud-native development, containers, and repository security controls
- Have implemented or governed controls such as branch protection, code review, secrets scanning, SAST, SCA, infrastructure-as-code scanning, or container scanning
- Can translate security requirements into clear standards and practical implementation plans that work for engineering teams
- Are comfortable influencing stakeholders across Security, Engineering, and leadership
- Have experience with GitHub Enterprise, GitHub Actions, Jenkins, or similar platforms, preferred
- Have experience supporting SOC 2, audit readiness, or customer assurance efforts, preferred
- Are familiar with software supply chain security concepts such as SBOMs, image signing, and artifact integrity, preferred
Tech Stack
- Cloud
- Jenkins
- SDLC
Benefits
- Flexible work hours
- Flexible vacation
- Generous 401K match
- Parental leave
- Team events
- Wellness budget
- Learning reimbursement