Develops, recommends, and implements enterprise information security policies, technical standards, guidelines, procedures, and other elements of an infrastructure necessary to support information security in compliance with established company policies
Lead the design and integration of DevSecOps, Application Security and Vulnerability Management capabilities across our enterprise
Drive secure-by-design practices across CI/CD pipelines, cloud-native platforms, and modern development workflows—including AI-assisted coding environments
Partner closely with application engineering, cloud, and platform teams to embed scalable, automated security controls that reduce risk while enabling developer velocity
Lead the design and implementation of DevSecOps solutions integrated into CI/CD pipelines (GitHub, GitLab, Jenkins)
Define and implement secure SDLC practices, including automated testing, threat modeling, and secure coding standards
Own and optimize CNAPP platforms (e.g., Wiz, Prisma Cloud) to improve cloud security posture and workload protection
Drive vulnerability management strategy, including risk-based prioritization and integration into developer workflows
Integrate and tune AppSec tools (SAST, DAST, SCA, container scanning) for scalable pipeline adoption
Establish guardrails for AI-generated code security, including validation of outputs and mitigation of risks such as insecure code patterns and data exposure
Embed security controls into AI-enabled applications and APIs, addressing emerging risks (e.g., prompt injection, model misuse)
Partner with engineering teams to reduce vulnerability backlog and MTTR
Define KPIs and reporting for security posture, pipeline coverage, and risk reduction
Serve as a technical advisor and escalation point for complex security and integration challenges
Leads system and network architecture support for information and network security technologies
Leads development and execution of risk assessment methodologies
Develops security incident response plans and strategies
Provides trouble resolution and serves as point of technical escalation on complex problems
Creates presentations and seeks IT management approval and acceptance of significant replacements or reconfigurations of major security systems serving the enterprise
Acts as a subject matter expert among peers, with manager and senior management.
Requirements
Requires BS/BA in information Technology or related field of study
minimum of 8 years experience in systems administration and security aspects of information systems
access management and network security technologies
network communications
computer networking
telecommunications
systems development and management
hardware
software
data
people expertise
experience with multiple technical and business disciplines required
Experience in DevSecOps (Harness pipelines), Application Security, Cloud Security, or related fields
Experience with Jfrog Artifactory, Xray, and Curation
Hands-on experience integrating security into CI/CD pipelines at scale
Experience with CNAPP platforms (e.g., Wiz, Prisma Cloud)
Strong knowledge of: Application Security (SAST, DAST, SCA, API security) & Cloud Security (AWS, Azure, or GCP)
Containers & Kubernetes security
Vulnerability management and risk prioritization
Experience securing AI/LLM-enabled applications or AI-assisted development workflows
Familiarity with AI security risks (e.g., OWASP Top 10 for LLMs, prompt injection, data leakage)
Experience with tools such as Snyk, Checkmarx, Veracode, SonarQube
Strong understanding of DevOps and Agile practices