DevSecOps Tech Lead

Core Responsibilities

• Lead the design and execution of enterprise-wide Software Composition Analysis (SCA) and software supply chain security strategy across all applications and platforms.
• Own end-to-end open-source risk management, including vulnerability detection, prioritization, and remediation of third-party dependencies.
• Define and enforce security policies aligned with industry standards such as OWASP and NIST (SSDF), ensuring secure software development practices.
• Integrate SCA tooling into CI/CD pipelines and developer workflows to enable automated, shift-left security controls.
• Drive implementation and adoption of Software Bill of Materials (SBOM) standards (e.g., Cyclone,DX, SPDX) for full dependency visibility.
• Secure the software supply chain by implementing controls for artifact integrity, provenance, and signed builds, aligned with OpenSSF frameworks (e.g., SLSA).
• Lead response and mitigation efforts for critical supply chain vulnerabilities (e.g., zero-day dependency risks), ensuring rapid impact analysis and remediation.
• Establish governance over artifact repositories and package registries, enforcing version control, trusted sources, and secure publishing practices.
• Define and track key security metrics (e.g., vulnerability MTTR, coverage, policy compliance) and present insights to senior leadership.
• Mentor a team of security engineers while partnering with engineering, DevOps, and product teams to drive scalable, developer-friendly security solutions.

• Bachelor's degree in a related field or equivalent experience
• Hands-on experience deploying and operating SCA/SAST tools, including onboarding, auth setup, and CI/CD integration
• Experience with additional AppSec tools (Secret Scanning, IAST, DAST, etc.)
• Strong understanding of modern application development and delivery (IDEs, repos, CI/CD, cloud, containers, serverless)
• Working knowledge of NIST, OWASP, and MITRE frameworks
• AppSec, DevSecOps, cloud, or development certifications a plus