DevSecOps Architect – Artifact Management & Software Supply Chain Security

About The Position

Requirements

• Bachelor’s degree in Computer Science, Engineering, Cybersecurity, or equivalent experience.
• 3–6 years of experience in DevSecOps, platform security, or software supply chain security.
• Strong hands-on experience with JFrog Artifactory, including deployment and enterprise architecture.
• Experience designing package curation and promotion models.
• Foundational understanding of AI/ML and Generative AI concepts, including LLMs and model lifecycle.
• Knowledge of AI/ML security risks such as prompt injection, data poisoning, model evasion, and data leakage.
• Experience implementing waiver and approval workflows for dependencies and artifacts.
• Strong understanding of application security principles and dependency risk management.
• Hands-on experience integrating repositories with GitHub, Jenkins, and Azure DevOps pipelines.
• Experience working in cloud environments (Azure preferred; AWS/GCP acceptable).
• Proficiency with automation and scripting (Python, Groovy, Terraform, etc.).
• Knowledge of modern SDLC and DevSecOps operating models.

Nice To Haves

• Experience integrating AI or ML components into applications or pipelines (preferred hands-on exposure).
• Familiarity with Responsible AI principles and AI governance frameworks.

Responsibilities

• Design, deploy, and operate enterprise artifact repository platforms supporting cloud and hybrid environments.
• Define and enforce package curation, promotion, and trust models aligned with application security and compliance requirements.
• Implement and govern waiver and approval workflows for dependency and artifact usage, ensuring risk-based decision‑making.
• Partner with AppSec, platform, and engineering teams to standardize secure dependency and artifact consumption patterns.
• Define and maintain repository architectures supporting multiple environments, teams, and trust boundaries.
• Enforce policies ensuring artifact immutability, provenance, versioning, and trusted sourcing.
• Integrate artifact repositories into CI/CD pipelines built on GitHub, Jenkins, and Azure DevOps.
• Embed security controls for AI/ML and GenAI workloads within CI/CD pipelines and developer workflows.
• Define and enforce secure usage patterns for LLMs and AI services, including prompt handling, data protection, and model access controls.
• Implement safeguards against AI-specific threats, including prompt injection, model poisoning, data leakage, and insecure model outputs.
• Integrate AI security scanning and validation into build pipelines, ensuring safe model usage and dependency integrity.
• Collaborate with engineering teams to establish secure-by-design AI application architectures.
• Ensure compliance with enterprise Responsible AI policies (data privacy, bias management, model governance).
• Secure AI-related secrets, tokens, and API access used in pipelines and applications.
• Monitor and respond to security risks introduced by AI/ML components, including third-party models and APIs.
• Contribute to AI risk governance, auditability, and traceability across the SDLC.
• Stay current on emerging AI security threats, vulnerabilities, and regulatory expectations.
• Align artifact and dependency controls with cloud security best practices for deployed applications.
• Monitor usage, risk posture, and effectiveness of artifact controls and drive continuous improvement.
• Develop automation and policy‑as‑code for artifact lifecycle management, approvals, and governance.
• Support security incident investigations related to software supply chain integrity or dependency risk.
• Create documentation, standards, and enablement materials for secure developer adoption.

Benefits

• Competitive pay
• Retirement planning
• Continuing education program with a company-matched student loan contribution
• Financial wellness programs
• Health care coverage designed for the mind and body
• Generous time off
• Access to a wealth of resources to grow your career and learn valuable new skills
• Perks for partners and little ones
• Retail discounts
• Referral incentive awards
• Annual incentive plan