DevSecOps Manager

About The Position

Requirements

• Bachelor of science degree (or equivalent) in computer science, engineering, or relevant field
• Seven + years of DevOps or software engineering experience, with at least three years in a leadership or managerial role
• Experience with technical project management or leadership
• Direct experience with DevOps tools
• Familiarity with secure software development frameworks and standards
• Excellent written, verbal, and technical communication skills
• Must be able to work in a multi-functional team environment

Nice To Haves

• Familiarity with Agile and other methodologies
• Experience with product development in a Medical Device or Regulated Product environment
• Excellent computer skills, including the use of automation tools, scripting languages (ie: PowerShell, Python), networking systems and utilities, etc.
• Knowledge of Windows and Linux operating systems
• Strong knowledge of security tools
• Familiarity with package management solutions
• Proficiency in cloud platforms
• Ability to mentor Junior Software Developers, as well as to collaborate with all stakeholders

Responsibilities

• Lead the DevSecOps strategy, aligning with business objectives and regulatory requirements
• Manage a team of engineers, fostering a culture of collaboration, innovation and continuous improvement
• Act as the primary liaison between development and cybersecurity teams to ensure seamless integration of security into the DevOps pipeline
• Design, implement, and maintain automated CI/CD pipelines with integrated security and quality gates
• Embed security practices into all phases of the SDLC, from design to deployment and monitoring
• Collaborate with development teams to integrate secure coding practices and vulnerability assessments
• Automate infrastructure provisioning and management using Infrastructure as Code (IaC) tools (e.g., Terraform, Ansible)
• Ensure software and infrastructure meet regulatory and compliance requirements, including HIPAA, GDPR, and FDA cybersecurity guidance
• Conduct security risk assessments and implement controls to mitigate vulnerabilities in medical device software
• Monitor and respond to security incidents, ensuring timely remediation and root cause analysis
• Establish robust monitoring and logging solutions to detect and respond to performance, reliability, and security issues
• Optimize application performance, scalability, and availability using cloud and container orchestration tools
• Continuously evaluate new tools, technologies, and methodologies to improve the DevSecOps process
• Infrequent travel (<10%) may be required