Lead, Dev SecOps (Charlotte, NC)

About The Position

Requirements

• Bachelor’s degree in computer science, cybersecurity, software engineering, or comparable work experience
• 7+ years of experience in application security, DevSecOps, DevOps, or security engineering roles
• Proven track record of building or significantly maturing a pipeline security program (SAST, DAST, SCA, secrets, containers)
• Hands-on experience integrating security tools into CI/CD pipelines (GitHub Actions, GitLab CI, Jenkins, or similar)
• Strong understanding of modern software development practices such as Git workflows, containerization, infrastructure as code, and cloud-native architectures
• Experience defining and enforcing security gates in a development pipeline without creating undue friction
• Demonstrated ability to lead cross-functional initiatives involving development, infrastructure, and security teams
• Experience mentoring junior security team members
• Strong written and verbal communication skills, including the ability to present technical findings and program status to executive audiences
• Advanced organizational skills, ability to successfully manage multiple tasks/incidents
• Experience with Snyk, Burp Suite, Aikido, or similar SAST/DAST/SCA platforms
• Familiarity with AI/ML security concepts: prompt injection, model validation, AI supply chain risk
• Experience with Cisco AI Defense or similar AI runtime protection platforms
• CISSP, CSSLP, GWEB, GWAPT, or comparable work experience
• Experience with OWASP frameworks (Top 10, API Top 10, ASVS, SAMM)
• Familiarity with scripting and automation (Python, PowerShell, Bash, or similar) for pipeline integration
• Experience operating in a partnership-first model with development teams rather than a gate-and-block approach

Nice To Haves

• PHP, RPG, JavaScript experience

Responsibilities

• Own the end-to-end application security pipeline: SAST, DAST, SCA, secrets detection, IaC scanning, and container scanning across the Enterprise code estate.
• Define and enforce control gates.
• Manage the pipeline gating philosophy.
• Own the exception register, including time-bound exceptions with named compensating controls and expiry dates.
• Drive migration of production code into Enterprise GitHub to enable uniform scanning, gating, and provenance tracking.
• Partner with technical leaders on activity reviews, finding burn-down, gate friction, and release-level blockers.
• Establish provenance tagging for AI-generated and third-party code so it passes the same gates as enterprise code.
• Analyze modern and legacy programming languages.
• Oversee DevSecOps tie-ins with suppliers performing development activity.
• Operationalize Cisco AI Defense and Multi-Cloud Defense across the major public cloud providers.
• Operate Cisco AI Defense across the four major capabilities: Model & App Validation (algorithmic red-teaming with gate evidence), Runtime Protection (prompt injection, jailbreak, data exfiltration filtering), Knowledge Security (data loss prevention and control), and Cloud & Asset Visibility (AI inventory across AWS/GCP/Azure/Oracle).
• Serve as a technical advisor to the AIGC, delivering validation reports, AI SBOMs, and risk inputs.
• Define and enforce AI guardrails policy including data classification enforcement, prompt injection defense, output safety controls, and agent action/tool-use limits partnering with development and product teams.
• Oversee the phased AI Defense deployment roadmap from foundation through full enforcement.
• Oversee IAM and SSO integrations with both internally developed and SaaS tools.
• Coordinate with SecOps on incident response and playbook development related to DevSecOps and AI security.
• Consult on shadow AI discovery and employee AI tool usage.
• Lead the DevSecOps Analyst, setting priorities, developing skills, and reviewing work quality.
• Coordinate the engineering resources on pipeline engineering, tool administration, and cloud posture work.
• Build and sustain a security champions network with champions in each development team, providing coaching, training, and support.
• Deliver OWASP-aligned secure code training (Top 10, API Top 10, LLM Top 10, Code Hardening) and role-based / language-based deep dives for development teams.
• Facilitate DevSecOps working sessions, leadership syncs, and executive reporting.
• Publish program metrics regularly.
• Partner with Sourcing to oversee supplier relationships tied to DevSecOps.

Benefits

• Paid Parental Leave
• United Compassion Fund
• Employee Discount Program
• Career Development & Promotional Opportunities
• Additional Vacation Buy Up Program (US Only)
• Early Wage Access through Payactiv (US Hourly Only)
• Paid Sick Leave