DevSecOps Lead
About the role
The Security team is seeking a DevSecOps Lead/Staff Engineer to build and scale our secure software development lifecycle and vulnerability management practices across the organization. This role will partner closely with Engineering, Platform, and Security to implement practical security standards and controls from code development through deployment and production.
This role is remote-friendly and can sit in NYC, Austin, Miami, Los Angeles (CA), Cupertino (CA), or anywhere else in the US. Depending upon where the remote work is performed, income could be subject to New York State tax withholding.
Responsibilities
Own the roadmap for secure SDLC controls and partner with Engineering and Product to roll out standards that are practical, scalable, and auditable.
Develop and maintain secure development policies, implementation standards, and guidance for engineering teams.
Drive adoption of key controls across repositories and pipelines, including branch protection, pull request requirements, code review, secrets scanning, dependency scanning, infrastructure-as-code scanning, and container image scanning.
Partner with Engineering and Product teams to integrate security guardrails into CI/CD workflows and developer tooling.
Support vulnerability management operations, including intake, triage, remediation tracking, verification, and reporting.
Build reference implementations, templates, and onboarding guidance to help teams adopt secure patterns consistently.
Define and report on metrics such as control coverage, vulnerability aging, SLA performance, and remediation progress.
Prepare audit-ready documentation and evidence that demonstrates controls are implemented and operating effectively.
Evaluate and prioritize future enhancements such as SAST, DAST, SBOM generation, image signing, and broader software supply chain security improvements.
Requirements
6+ years of experience in DevSecOps, security engineering, application security, cloud security, or DevOps, including experience leading cross-functional programs or technical initiatives.
Experience building or improving Secure SDLC, CI/CD security, or vulnerability management programs in modern engineering environments.
Understanding of Git-based workflows, CI/CD systems, cloud-native development, containers, and repository security controls.
Experience implementing or governing controls such as branch protection, code review, secrets scanning, SAST, SCA, infrastructure-as-code scanning, or container scanning.
Ability to translate security requirements into clear standards and practical implementation plans that work for engineering teams.
Comfortable influencing stakeholders across Security, Engineering, and leadership.
Experience with GitHub Enterprise, GitHub Actions, Jenkins, or similar platforms (preferred).
Experience supporting SOC 2, audit readiness, or customer assurance efforts (preferred).
Familiarity with software supply chain security concepts such as SBOMs, image signing, and artifact integrity (preferred).