Director of Software Security

About The Position

Requirements

• 12–15+ years in cybersecurity, with strong focus on application security and DevSecOps
• 5+ years in leadership (manager/director level)
• Deep expertise in: Secure SDLC and DevSecOps pipelines
• Deep expertise in: Cloud-native architectures and container security
• Deep expertise in: Regulatory frameworks (CMMC, NIST, ISO)
• Experience in regulated industries (defense, government, healthcare, fintech)

Nice To Haves

• Hands-on experience with tools such as: SAST: Checkmarx, Veracode
• Hands-on experience with tools such as: DAST: Burp Suite
• Hands-on experience with tools such as: SCA: Snyk, Black Duck
• Hands-on experience with tools such as: CI/CD: Jenkins, GitHub Actions
• Familiarity with Kubernetes, Docker, and service mesh security
• Certifications: CISSP, CSSLP
• Certifications: CISM or CCSP
• Experience with Zero Trust and identity-first security

Responsibilities

• Define and execute enterprise DevSecOps strategy across all development teams
• Integrate security controls into CI/CD pipelines (build, test, release)
• Establish “shift-left” security practices across the SDLC
• Drive adoption of secure coding, SAST, DAST, and SCA tools
• Define reference architectures for secure microservices, APIs, and cloud-native apps
• Establish security patterns for containers, Kubernetes, and serverless
• Lead threat modeling initiatives
• Ensure secure API design and zero trust principles
• Lead compliance initiatives for: Cybersecurity Maturity Model Certification (CMMC 2.0), NIST SP 800-171r2 /800-53, ISO 27001
• Ensure software systems meet federal, defense, and privacy regulations
• Coordinate audits, assessments, and continuous monitoring programs
• Implement controls for handling Controlled Unclassified Information (CUI)
• Secure DevOps pipelines across cloud platforms: Amazon AWS, Microsoft Azure, Google Cloud, IBMC cloud, Cadence software service and products
• Implement infrastructure-as-code (IaC) security scanning
• Define secrets management, identity, and access controls
• Build and scale AppSec program across all product lines
• Define vulnerability management lifecycle (discovery → remediation → validation)
• Establish bug bounty / responsible disclosure programs
• Integrate security into Agile and CI/CD workflows
• Secure software supply chain (SBOM, dependency scanning)
• Implement artifact signing, provenance, and integrity validation
• Define policies, standards, and secure development guidelines
• Establish KPIs: vulnerability remediation SLA, code coverage, pipeline security
• Align software security with enterprise risk management
• Report posture to executive leadership and board
• Lead teams of AppSec engineers, DevSecOps engineers, and architects
• Partner with Engineering, Product, Legal, and Compliance teams
• Build security champions program within development teams
• Influence engineering culture toward security ownership

Benefits

• paid vacation and paid holidays
• 401(k) plan with employer match
• employee stock purchase plan
• a variety of medical, dental and vision plan options