Jobs · Information Technology · Connecticut

Lead, Dev SecOps (Charlotte, NC/Stamford, CT)

United Rentals · Stamford, CT · 1 mo ago
Information TechnologyFull-time

About the role

Great company. Great people. Great opportunities.

This is a hybrid role in Charlotte, NC/Stamford, CT

Responsibilities

  • Pipeline Security & Code Hardening
    • Own the end-to-end application security pipeline: SAST, DAST, SCA, secrets detection, IaC scanning, and container scanning across the Enterprise code estate
    • Define and enforce control gates
    • Manage the pipeline gating philosophy
    • Own the exception register, including time-bound exceptions with named compensating controls and expiry dates
    • Drive migration of production code into Enterprise GitHub to enable uniform scanning, gating, and provenance tracking
    • Partner with technical leaders on activity reviews, finding burn-down, gate friction, and release-level blockers
    • Analyze modern and legacy programming languages
    • Oversee DevSecOps tie-ins with suppliers performing development activity
  • AI Defense & Operations
    • Operationalize Cisco AI Defense and Multi-Cloud Defense across the major public cloud providers
    • Operate Cisco AI Defense across the four major capabilities: Model & App Validation (algorithmic red-teaming with gate evidence), Runtime Protection (prompt injection, jailbreak, data exfiltration filtering), Knowledge Security (data loss prevention and control), and Cloud & Asset Visibility (AI inventory across AWS/GCP/Azure/Oracle)
    • Serve as a technical advisor to the AIGC, delivering validation reports, AI SBOMs, and risk inputs
    • Define and enforce AI guardrails policy including data classification enforcement, prompt injection defense, output safety controls, and agent action/tool-use limits partnering with development and product teams
    • Oversee the phased AI Defense deployment roadmap from foundation through full enforcement
    • Oversee IAM and SSO integrations with both internally developed and SaaS tools
    • Cook up incident response and playbook development related to DevSecOps and AI security
    • Consult on shadow AI discovery and employee AI tool usage
  • AI Defense & Operations
    • Lead the DevSecOps Analyst, setting priorities, developing skills, and reviewing work quality
    • Cook up engineering resources on pipeline engineering, tool administration, and cloud posture work
    • Build and sustain a security champions network with champions in each development team, providing coaching, training, and support
    • Deliver OWASP-aligned secure code training (Top 10, API Top 10, LLM Top 10, Code Hardening) and role-based / language-based deep dives for development teams
    • Facilitate DevSecOps working sessions, leadership syncs, and executive reporting
    • Publish program metrics regularly
    • Partner with Sourcing to oversee supplier relationships tied to DevSecOps

    Requirements

    • Bachelor’s degree in computer science, cybersecurity, software engineering, or comparable work experience
    • 7+ years of experience in application security, DevSecOps, DevOps, or security engineering roles
    • Proven track record of building or significantly maturing a pipeline security program (SAST, DAST, SCA, secrets, containers)
    • Hands-on experience integrating security tools into CI/CD pipelines (GitHub Actions, GitLab CI, Jenkins, or similar)
    • Strong understanding of modern software development practices such as Git workflows, containerization, infrastructure as code, and cloud-native architectures
    • Experience defining and enforcing security gates in a development pipeline without creating undue friction
    • Demonstrated ability to lead cross-functional initiatives involving development, infrastructure, and security teams
    • Experience mentoring junior security team members
    • Strong written and verbal communication skills, including the ability to present technical findings and program status to executive audiences
    • Advanced organizational skills, ability to successfully manage multiple tasks/incidents
    • Experience with Snyk, Burp Suite, Aikido, or similar SAST/DAST/SCA platforms
    • Familiarity with AI/ML security concepts: prompt injection, model validation, AI supply chain risk
    • Experience with Cisco AI Defense or similar AI runtime protection platforms
    • CISSP, CSSLP, GWEB, GWAPT, or comparable work experience
    • Experience with OWASP frameworks (Top 10, API Top 10, ASVS, SAMM)
    • Familiarity with scripting and automation (Python, PowerShell, Bash, or similar) for pipeline integration
    • Experience operating in a partnership-first model with development teams rather than a gate-and-block approach
    • Preferred: PHP, RPG, JavaScript experience

Similar jobs