DevSecOps Lead

The DevSecOps Lead is responsible for integrating security practices within the DevOps process, ensuring that security is embedded at every stage of the software development lifecycle. This role combines expertise in development, operations, and security to guide teams in building secure, scalable, and robust software solutions. The DevSecOps Lead will collaborate with cross-functional teams to drive a culture of security, automation, and continuous improvement.

Key Responsibilities

• Security Integration: Embed security controls and best practices into CI/CD pipelines, infrastructure as code, and automated deployment processes.
• Collaboration: Work closely with development, operations, and security teams to ensure seamless integration of security requirements.
• Automation and Tooling: Evaluate, implement, and manage security automation tools for code analysis, vulnerability scanning, and compliance monitoring.
• Incident Response: Lead the response to security incidents and vulnerabilities, coordinating remediation and root cause analysis.
• Governance and Compliance: Ensure adherence to relevant security standards, legal regulations, and industry best practices.
• Training and Awareness: Provide guidance and training to development and operations teams on secure coding practices and emerging threats.
• Continuous Improvement: Identify opportunities to enhance security posture, streamline processes, and reduce risk through automation and innovation.

Required Skills and Qualifications

• Bachelor's degree in Computer Science, Information Security, or a related field.
• Proven experience in DevSecOps, DevOps, or Security Engineering roles.
• Strong knowledge of CI/CD pipelines, cloud platforms (AWS, Azure, GCP), and container orchestration (Docker, Kubernetes).
• Proficiency with security tools such as SAST, DAST, SCA, and SIEM solutions.
• Solid understanding of secure coding practices, infrastructure as code, and automation frameworks.
• Excellent problem-solving, communication, and leadership skills.
• Relevant certifications (e.g., CISSP, CISM, AWS Certified Security, Certified DevSecOps Professional) are a plus.

Desirable Attributes

• Ability to foster a culture of security and collaboration across diverse teams.
• Continuous learner, keeping abreast of emerging security threats and technologies.
• Strong analytical mindset with attention to detail.
• Experience in agile and DevOps methodologies.