Lead, Dev SecOps (Charlotte, NC/Stamford, CT)
United Rentals · Stamford, CT · 1 mo ago
Information TechnologyFull-time
About the role
Great company. Great people. Great opportunities.
This is a hybrid role in Charlotte, NC/Stamford, CT
Responsibilities
- Pipeline Security & Code Hardening
- Own the end-to-end application security pipeline: SAST, DAST, SCA, secrets detection, IaC scanning, and container scanning across the Enterprise code estate
- Define and enforce control gates
- Manage the pipeline gating philosophy
- Own the exception register, including time-bound exceptions with named compensating controls and expiry dates
- Drive migration of production code into Enterprise GitHub to enable uniform scanning, gating, and provenance tracking
- Partner with technical leaders on activity reviews, finding burn-down, gate friction, and release-level blockers
- Analyze modern and legacy programming languages
- Oversee DevSecOps tie-ins with suppliers performing development activity
- AI Defense & Operations
- Operationalize Cisco AI Defense and Multi-Cloud Defense across the major public cloud providers
- Operate Cisco AI Defense across the four major capabilities: Model & App Validation (algorithmic red-teaming with gate evidence), Runtime Protection (prompt injection, jailbreak, data exfiltration filtering), Knowledge Security (data loss prevention and control), and Cloud & Asset Visibility (AI inventory across AWS/GCP/Azure/Oracle)
- Serve as a technical advisor to the AIGC, delivering validation reports, AI SBOMs, and risk inputs
- Define and enforce AI guardrails policy including data classification enforcement, prompt injection defense, output safety controls, and agent action/tool-use limits partnering with development and product teams
- Oversee the phased AI Defense deployment roadmap from foundation through full enforcement
- Oversee IAM and SSO integrations with both internally developed and SaaS tools
- Cook up incident response and playbook development related to DevSecOps and AI security
- Consult on shadow AI discovery and employee AI tool usage
- AI Defense & Operations
- Lead the DevSecOps Analyst, setting priorities, developing skills, and reviewing work quality
- Cook up engineering resources on pipeline engineering, tool administration, and cloud posture work
- Build and sustain a security champions network with champions in each development team, providing coaching, training, and support
- Deliver OWASP-aligned secure code training (Top 10, API Top 10, LLM Top 10, Code Hardening) and role-based / language-based deep dives for development teams
- Facilitate DevSecOps working sessions, leadership syncs, and executive reporting
- Publish program metrics regularly
- Partner with Sourcing to oversee supplier relationships tied to DevSecOps
- Bachelor’s degree in computer science, cybersecurity, software engineering, or comparable work experience
- 7+ years of experience in application security, DevSecOps, DevOps, or security engineering roles
- Proven track record of building or significantly maturing a pipeline security program (SAST, DAST, SCA, secrets, containers)
- Hands-on experience integrating security tools into CI/CD pipelines (GitHub Actions, GitLab CI, Jenkins, or similar)
- Strong understanding of modern software development practices such as Git workflows, containerization, infrastructure as code, and cloud-native architectures
- Experience defining and enforcing security gates in a development pipeline without creating undue friction
- Demonstrated ability to lead cross-functional initiatives involving development, infrastructure, and security teams
- Experience mentoring junior security team members
- Strong written and verbal communication skills, including the ability to present technical findings and program status to executive audiences
- Advanced organizational skills, ability to successfully manage multiple tasks/incidents
- Experience with Snyk, Burp Suite, Aikido, or similar SAST/DAST/SCA platforms
- Familiarity with AI/ML security concepts: prompt injection, model validation, AI supply chain risk
- Experience with Cisco AI Defense or similar AI runtime protection platforms
- CISSP, CSSLP, GWEB, GWAPT, or comparable work experience
- Experience with OWASP frameworks (Top 10, API Top 10, ASVS, SAMM)
- Familiarity with scripting and automation (Python, PowerShell, Bash, or similar) for pipeline integration
- Experience operating in a partnership-first model with development teams rather than a gate-and-block approach
- Preferred: PHP, RPG, JavaScript experience