Responsibilities
- Lead the full secure software development lifecycle, including coding standards, threat modeling, security checkpoints, policy-as-code, and audit-ready documentation, in collaboration with the Software Architect.
- Identify, assess, and resolve security vulnerabilities in Python, Go, and TypeScript/React applications by working directly with development teams.
- Build, secure, and refine CI/CD pipelines using platforms like GitHub Actions, GitLab CI, or Jenkins, embedding security seamlessly into development workflows.
- Deploy and manage security tools across the development lifecycle, including static and dynamic analysis, software composition scanning, secret detection, container inspection, and dependency tracking.
- Enforce secure software supply chain measures such as artifact signing, SBOM creation, and provenance verification within build and release systems.
- Oversee the management of secrets, access credentials, and cryptographic keys in pipelines, ensuring minimal access, regular rotation, and secure storage.
- Collaborate with engineering teams to evaluate code, analyze risks, and suggest effective security improvements that maintain development velocity.
- Assist in responding to security incidents and implementing long-term fixes for application and platform vulnerabilities.
- Support compliance audits for standards like ISO 27001, SOC 2, PCI DSS, or FedRAMP by preparing evidence related to CI/CD and engineering controls.
- Coach developers on secure coding practices and promote a security-first mindset throughout the development process.
Compensation
Not specified
Work Arrangement
Not specified
Team
Not specified
Not specified