Director of Application and DevSecOps Security

About The Position

Requirements

• 10+ years of experience in cybersecurity with a strong focus on application security and DevSecOps.
• 5+ years in a leadership or director-level role managing teams.
• Deep expertise in secure SDLC, application security testing (SAST, DAST, SCA), and API security.
• Experience integrating security into CI/CD pipelines and cloud-native environments (AWS, Azure, or GCP).
• Experience with container security, Kubernetes security, serverless security concepts and delivery.
• Strong knowledge of modern architectures (microservices, containers, Kubernetes).
• Proven experience building security programs and influencing engineering culture.

Responsibilities

• Define and lead the enterprise Application Security and DevSecOps strategy aligned to business objectives.
• Build and mature a shift-left security program integrated into CI/CD pipelines.
• Establish and implement roadmap for API security, including governance, discovery, and runtime protection.
• Balance governance with enablement by establishing guardrails, reusable patterns, and self‑service security tooling that empower engineering teams.
• Lead, mentor, and grow a high-performing security engineering team.
• Oversee secure coding practices, SAST/DAST/SCA tooling, and vulnerability management processes.
• Define API security standards including authentication, authorization, rate limiting, and data protection.
• Drive threat modeling practices across critical applications and services.
• Partner with engineering and development teams to remediate risks and improve secure design patterns.
• Embed automated security controls into CI/CD pipelines.
• Champion developer-first security tooling and workflows
• Partner with DevOps teams to ensure secure infrastructure-as-code (IaC) practices.
• Measure and improve security posture through pipeline metrics and KPIs.
• Define and maintain secure SDLC policies, standards, and control frameworks.
• Establish secure design and architecture requirements for new systems.
• Ensure alignment with regulatory and compliance requirements (e.g., SOC 2, ISO 27001, NIST).
• Lead security reviews and design approvals for critical initiatives.
• Design and implement role-based and just-in-time developer security training programs.
• Build secure coding guidelines and internal knowledge resources.
• Drive security awareness and culture across engineering teams.
• Partner with leadership to ensure adoption and accountability.
• Define KPIs and KRIs for application and DevSecOps security maturity.
• Report on risk posture, vulnerabilities, and program effectiveness to executive leadership.
• Continuously assess and improve tooling, processes, and coverage.

Benefits

• work flexibility
• learning
• career development
• technical credentials and certifications
• generous, flexible vacation policy
• educational assistance
• comprehensive leadership and technical development academies
• 401(k) employer match
• comprehensive health benefits