Lead, SDLC Security Engineering

About The Position

Requirements

• Typically, a minimum of 1-2 years of experience formally or informally leading people, projects, and/or programs.
• Bachelor’s or Master’s degree or equivalent plus directly relevant experience.
• Strong background in application security, cloud security, secure SDLC, DevSecOps, or CI/CD security automation supporting software product development.
• Experience leading or coordinating engineers, technical programs, security tooling initiatives, or cross-functional implementation efforts.
• Hands-on experience with secure SDLC tooling such as SAST, SCA, DAST, secrets detection, container/cloud scanning, vulnerability management, or policy-as-code.
• Experience integrating security controls into CI/CD pipelines, developer workflows, and platform engineering environments.
• Experience with threat modeling, vulnerability management, secure release criteria, and developer-facing security guardrails.
• Ability to design scalable, low-friction security practices that reduce risk without slowing engineering teams unnecessarily.
• Strong communication and cross-functional leadership skills, with the ability to partner across DevSecOps, Security, QE, Release Management, and software engineering teams.
• Ability to resolve technical and operational challenges, manage conflicting priorities, and guide team members through complex assignments.

Responsibilities

• Lead and develop a small team responsible for SDLC security tooling, automation, and developer-facing security guardrails.
• Define team priorities, roles, execution plans, and resource needs in alignment with Platform Engineering & DevSecOps objectives.
• Lead the implementation and continuous improvement of SDLC security tooling, including scanning, secrets management, policy-as-code, and automated guardrails.
• Manage vulnerability management workflows and help define secure release criteria in partnership with Security, QE, Release Management, and engineering teams.
• Integrate security automation into CI/CD pipelines and developer paved roads to make secure practices easier for engineering teams to adopt.
• Coordinate threat modeling inputs and security requirements into software delivery workflows.
• Partner with DevSecOps, Developer Experience, QE, Release Management, and engineering teams to drive secure-by-default practices.
• Provide security engineering input into platform governance, incident response, release readiness, and risk review processes.
• Drive adoption of security tooling, standards, documentation, and enablement across engineering teams.
• Establish operating rhythms, performance expectations, and delivery plans for the security engineering function.

Benefits

• eligibility for bonus, stock and benefits