Manager, DevSecOps Engineering
Teramind · RO
Job description
Key Responsibilities

Security in the SDLC:
- Own and enforce DevSecOps practices across CI/CD pipelines (SAST, DAST, SCA, and other practices)
- Integrate automated security tooling into development workflows; reduce manual security gates
- Partner with development teams to perform secure code reviews and threat modeling

Vulnerability & Risk Management:
- Drive vulnerability identification, triage, and remediation across infrastructure and applications
- Manage security tooling stack:
- Produce and maintain a risk register; track remediation SLAs

Penetration Testing, Crowd Testing & Incident Response:
- Lead or coordinate internal/external penetration testing cycles
- Manage crowd testing campaigns:
- Develop and maintain an incident response playbook; support incident investigations

Compliance & Governance:
- Support compliance with SOC 2, ISO 27001, GDPR, and relevant data protection frameworks
- Define and enforce security policies, standards, and developer security training

Leadership & Collaboration:
- Act as the primary security SME for the engineering organization
- Mentor developers on secure coding practices; build a security-first engineering culture
- Interface with external auditors, clients, and t...