DevSecOps SCA Tech Lead
Vanguard · Dallas, Texas, US
Job description
Core Responsibilities
- Serve as the technical lead and subject matter expert for Software Composition Analysis (SCA), partnering closely with the AppSec team lead and manager to execute strategy and roadmap for open-source and dependency security across the SDLC.
- Lead the design, configuration, and continuous optimization of SCA tooling, including policy definition, risk and reachability tuning, and CI/CD integration at scale.
- Drive risk-based vulnerability management for open-source dependencies, providing guidance on prioritization, remediation approaches, and risk acceptance decisions.
- Define and maintain standards, guardrails, and best practices for open-source usage, including approved dependency policies, vulnerability thresholds, and exception workflows.
- Act as the primary point of contact for SCA, collaborating with application teams, platform teams, App Sec peers, and other security stakeholders to ensure alignment and effective execution.
- Participate in an on-call rotation to support application security tooling, assist developers, and respond to security threat events when required.
- Champion a developer-first experience by improving signal quality, reducing noise, and del...