DevSecOps Architect - Application Security & Software Supply Chain
Remote
Visa- Open
6+ Months
Key Responsibilities
Design and implement DevSecOps frameworks integrating security into CI/CD pipelines.
Define and enforce application security controls including:
SAST (Static Application Security Testing)
DAST (Dynamic Application Security Testing)
SCA (Software Composition Analysis)
Establish secure coding practices and developer enablement programs.
Architect solutions for software supply chain security, including:
Dependency scanning
SBOM (Software Bill of Materials) management
Vulnerability remediation workflows
Integrate security tools with build systems, container registries, and orchestration platforms.
Collaborate with development, operations, and security teams to embed security early in SDLC.
Define risk-based prioritization and remediation strategies for vulnerabilities.
Drive automation of security checks to reduce manual overhead and improve release velocity.
Ensure compliance with industry standards (e.g., OWASP, NIST, CIS benchmarks).
Provide technical leadership and guidance on emerging DevSecOps trends and best practices.
Required Skills
Strong expertise in CI/CD tools (Jenkins, GitHub Actions, GitLab CI, Azure DevOps).
Hands-on experience with SAST, DAST, SCA tools (e.g., SonarQube, Checkmarx, Veracode, Snyk).
Knowledge of container security (Docker, Kubernetes) and cloud-native security.
Familiarity with SBOM standards (CycloneDX, SPDX) and supply chain risk mitigation.
Proficiency in secure coding principles and threat modeling.
Experience with automation scripting (Python, Bash) and Infrastructure as Code (Terraform, Ansible).
Strong understanding of compliance frameworks and regulatory requirements.
Preferred Qualifications
Certifications: CSSLP, CKA, AWS/Azure Security Specialty.
Experience in microservices architecture and API security.
Exposure to Al-driven security tools and advanced vulnerability management.
Vikas