DevSecOps Architect – Artifact Management, Software Supply Chain Security
New Jersey, United States of America
Full Time
1 week ago
$125,000 - $165,000 USD
No Visa Sponsorship
Key skills
AWSAzureCloudCyber SecurityGoogle Cloud PlatformGroovyJenkinsPythonSDLCTerraformAIMLGenerative AIGenAIGCPGoogle CloudAzure DevOpsGitHubRepositoryCI/CDRisk ManagementCloud Security
About this role
Role Overview
- Design, deploy, and operate enterprise artifact repository platforms supporting cloud and hybrid environments.
- Define and enforce package curation, promotion, and trust models aligned with application security and compliance requirements.
- Implement and govern waiver and approval workflows for dependency and artifact usage, ensuring risk-based decision‑making.
- Partner with AppSec, platform, and engineering teams to standardize secure dependency and artifact consumption patterns.
- Define and maintain repository architectures supporting multiple environments, teams, and trust boundaries.
- Enforce policies ensuring artifact immutability, provenance, versioning, and trusted sourcing.
- Integrate artifact repositories into CI/CD pipelines built on GitHub, Jenkins, and Azure DevOps.
- Embed security controls for AI/ML and GenAI workloads within CI/CD pipelines and developer workflows.
- Define and enforce secure usage patterns for LLMs and AI services, including prompt handling, data protection, and model access controls.
- Implement safeguards against AI-specific threats, including prompt injection, model poisoning, data leakage, and insecure model outputs.
- Integrate AI security scanning and validation into build pipelines, ensuring safe model usage and dependency integrity.
- Collaborate with engineering teams to establish secure-by-design AI application architectures.
- Ensure compliance with enterprise Responsible AI policies (data privacy, bias management, model governance).
- Secure AI-related secrets, tokens, and API access used in pipelines and applications.
- Monitor and respond to security risks introduced by AI/ML components, including third-party models and APIs.
- Contribute to AI risk governance, auditability, and traceability across the SDLC.
- Stay current on emerging AI security threats, vulnerabilities, and regulatory expectations.
- Align artifact and dependency controls with cloud security best practices for deployed applications.
- Monitor usage, risk posture, and effectiveness of artifact controls and drive continuous improvement.
- Develop automation and policy‑as‑code for artifact lifecycle management, approvals, and governance.
- Support security incident investigations related to software supply chain integrity or dependency risk.
- Create documentation, standards, and enablement materials for secure developer adoption.
Requirements
- Bachelor’s degree in Computer Science, Engineering, Cybersecurity, or equivalent experience.
- 3–6 years of experience in DevSecOps, platform security, or software supply chain security.
- Strong hands-on experience with JFrog Artifactory, including deployment and enterprise architecture.
- Experience designing package curation and promotion models.
- Foundational understanding of AI/ML and Generative AI concepts, including LLMs and model lifecycle.
- Knowledge of AI/ML security risks such as prompt injection, data poisoning, model evasion, and data leakage.
- Experience integrating AI or ML components into applications or pipelines (preferred hands-on exposure).
- Familiarity with Responsible AI principles and AI governance frameworks.
- Experience implementing waiver and approval workflows for dependencies and artifacts.
- Strong understanding of application security principles and dependency risk management.
- Hands-on experience integrating repositories with GitHub, Jenkins, and Azure DevOps pipelines.
- Experience working in cloud environments (Azure preferred; AWS/GCP acceptable).
- Proficiency with automation and scripting (Python, Groovy, Terraform, etc.).
- Knowledge of modern SDLC and DevSecOps operating models.
Tech Stack
- AWS
- Azure
- Cloud
- Cyber Security
- Google Cloud Platform
- Groovy
- Jenkins
- Python
- SDLC
- Terraform
Benefits
- Health & Wellness: Health care coverage designed for the mind and body.
- Flexible Downtime: Generous time off helps keep you energized for your time on.
- Continuous Learning: Access a wealth of resources to grow your career and learn valuable new skills.
- Invest in Your Future: Secure your financial future through competitive pay, retirement planning, a continuing education program with a company-matched student loan contribution, and financial wellness programs.
- Family Friendly Perks: It’s not just about you. S&P Global has perks for your partners and little ones, too, with some best-in-class benefits for families.
- Beyond the Basics: From retail discounts to referral incentive awards—small perks can make a big difference.