This description is a summary of our understanding of the job description. Click on 'Apply' button to find out more.

Role Description

• Lead the DevSecOps strategy by defining how application security controls, testing, and policy enforcement are embedded into CI/CD pipelines, including AI-assisted development workflows and agent-driven automation, to support rapid, secure software delivery.
• Architect security-by-design patterns for modern and AI-assisted application development, including secure frameworks, reusable controls, and pipeline integrations that developers can adopt with minimal friction.
• Partner with engineering and platform teams to integrate security requirements into build, test, deployment workflows, and AI-enabled development workflows, ensuring emerging AI coding practices align with secure SDLC expectations and aligning security outcomes with business and delivery objectives.
• Establish security governance and guardrails for AI-driven development trends, including LLM-assisted coding, autonomous DevOps agents, and AI-generated code, ensuring appropriate review, traceability, and risk management as these capabilities expand across the organization in coordination with AI governance and engineering teams.
• Design and evolve application security telemetry and detection, ensuring meaningful signals flow into enterprise monitoring and response capabilities while minimizing noise and operational overhead.
• Provide architectural leadership and mentorship, working with other Security Architects and cross-functional teams to align AppSec initiatives with enterprise security and technology strategies.

Qualifications

• Framework fluency, including OWASP Top 10, ASVS NIST CSF 2.021, and MITRE ATT&CK, with the ability to operationalize them within DevSecOps workflows.
• Technical Experience: 5–10 years of progressive experience in application development, platform engineering, or application security, with demonstrated ownership of designing and embedding scalable application security capabilities into DevSecOps pipelines.
• Strategic application security mindset with the ability to translate risk, threats, and regulatory requirements into practical DevSecOps controls that scale across teams.
• Hands-on DevSecOps experience, including integrating SAST, DAST, SCA, IaC scanning, secrets detection, and policy enforcement into CI/CD pipelines.
• Strong automation and pipeline integration skills, leveraging scripting, APIs, AI tooling, and security platforms to streamline secure development and reduce manual processes.
• Cloud-native application security expertise, including secure design patterns for AWS and SaaS platforms, identity-driven access controls, and secure service-to-service communication.
• Influential communication and leadership skills, with experience guiding developers, mentoring engineers, and aligning technical security decisions with business priorities.
• Promote a culture of diversity and inclusion, value different ideas and opinions, and listen courageously, remaining curious in all that you do.
• Able to work remotely with access to a high-speed internet connection and located in the United States or Puerto Rico.

Requirements

• Bachelor's Degree in IT Security, Computer Science or related field (preferred).
• Security or architecture certifications, such as CISSP, ISSAP, CSSLP, CASP+, CASE or relevant GIAC certifications (preferred).
• Proven experience delivering architecture artifacts, such as secure reference architectures, threat models, and developer-facing security standards that improve adoption and consistency (preferred).
• Proven experience in CI/CD Pipeline Technologies, such as GitHub, JFrog Xray, Wiz, SonarCube, etc. (preferred).

Benefits

• Estimated Salary: Minimum: $112,000 MidPoint: $151,000 Maximum: $190,000, plus annual bonus opportunity.
• 401(k) plan with a 2% company contribution and 6% company match.
• Work-life balance with vacation, personal time, and paid holidays.