Senior Manager, DevSecOps

About The Position

Requirements

• 5-6+ years of experience in Cybersecurity/DevOps, or DevSecOps, with proven experience leading security teams of ~5+ engineers across multiple infrastructure areas.
• Leads teams of two or more functional areas with authority over team processes, tools, and priorities; decisions may jeopardize business activities.
• Regularly interacts with senior/executive management, communicating timeline, scope, and technical concerns to all stakeholders.
• Leads Sev1/2 incidents for team's areas of responsibility and provides strategic direction during major security events.
• Exercises supervision over costs, methods, and staffing with responsibility for resource utilization and budget for teams; may have subordinate supervisors or team leads.
• Bachelor's degree in Computer Science, Information Systems, or equivalent experience in a related field.
• AI/ML Security: LLM security (prompt injection, jailbreaking, data leakage), model security, AI supply chain security, adversarial ML defense, RAG system security, vector database security, MCP security.
• AI Governance & Compliance: Responsible AI frameworks, AI risk assessment, model governance, AI audit trails, privacy-preserving ML techniques.
• AI Pipeline Security: Securing model training environments, ML pipeline security, model versioning and provenance, AI artifact scanning, AI workload isolation.
• AI Identity & Access: AI service authentication, API security for AI endpoints, token management for LLM services, workload identity for AI inference.
• Network Security: Firewalls, segmentation, intrusion detection/prevention systems, AI traffic analysis.
• Encryption and Cryptography: TLS/SSL, certificate management, encryption at rest and in transit, secure model storage.
• Identity and Access Management: IAM, Keycloak, Teleport, Workload Identity, AI service accounts.
• Operating System Security: Hardening, patch management, compliance frameworks.
• Application Security: Container security, Kubernetes security policies, SAST, DAST, SCA tools, AI-generated code scanning.
• Threat Intelligence and Analysis: Vulnerability scanning, AI threat detection, adversarial attack detection.
• Incident Response and Forensics: Security incident handling, AI-specific incident investigation, model forensics.
• Risk Management and Compliance: SOC2, ISO 27001, SOX, AI governance frameworks, audit preparation and evidence collection.
• Security Architecture and Design: Zero Trust principles, defense in depth strategies, AI security architecture patterns.
• Automation and Scripting: Security automation, ACME, certbot, Python, Bash, AI security tooling automation.
• Cloud Security: GCP, AWS, OCI security controls and best practices, AI service security configurations.
• AI/ML Platforms: Vertex AI, SageMaker, Azure ML security configurations, LLM API security (OpenAI, Anthropic, Google AI), vector database security (Qdrant, Pinecone, Weaviate, ChromaDB).
• AI Security Tools: AI red teaming tools, prompt injection detection, model scanning tools, AI observability and monitoring platforms, AI governance platforms.
• AI Development Tools: LangChain security, LlamaIndex security, AI agent framework security, model registry security, MLflow security.
• Cloud Platforms: GCP, AWS, OCI with expertise in cloud-native security controls, AI service configurations, and AI workload security.
• CI/CD: GitHub Actions, GitLab CI, or Jenkins, and Harness with AI security integrations.
• Container Orchestration: Kubernetes and Docker, with focus on container security and AI workload orchestration.
• Infrastructure-as-Code (IaC): Terraform, Ansible, or Crossplane for both traditional and AI infrastructure.
• Creates architecture designs for systems and services spanning multiple teams and infrastructure areas.
• Researches new technologies and evaluates for adoption, particularly in AI security domain.
• Provides blueprints for new services and capabilities across teams.
• Creates epics and prioritizes work across multiple teams with strong expertise in primary specialization and working knowledge of others.
• Excellent communication and stakeholder management skills with ability to influence cross-functional teams and senior leadership.
• Proven ability to balance technical execution with strategic planning, team development, and business objectives.

Responsibilities

• Manage and lead multiple DevSecOps teams, mentor and hire senior DevSecOps and security engineers, building high-performing teams focused on security excellence across traditional and AI workloads.
• Secure AI/ML pipelines and infrastructure by implementing security controls for model deployment environments, ensuring protection against AI-specific threats such as prompt injection, data poisoning, and model extraction.
• Establish AI security governance frameworks including policies for LLM usage, RAG (Retrieval Augmented Generation) systems security, MCP (Model Context Protocol) security, and AI supply chain risk management.
• Implement automated security scanning for AI artifacts including model files, training datasets, and AI-generated code, integrating these checks into CI/CD pipelines alongside traditional SAST, DAST, and SCA tools.
• Oversee security for AI workload identity and access management, ensuring proper authentication, authorization, and encryption for AI services, APIs, and vector databases used in RAG systems.
• Lead AI security incident response for threats specific to AI/ML systems including adversarial attacks, model theft, data leakage through LLM outputs, and unauthorized AI service usage.
• Ensure adherence to compliance standards such as SOC 2, ISO 27001, SOX, and MRC by automating compliance evidence collection, with special focus on AI governance and responsible AI principles.
• Define and execute DevSecOps strategy aligned with business objectives, security requirements, and emerging AI security best practices across the organization.
• Create architecture designs for security systems and services spanning multiple teams and infrastructure areas, including AI-specific security architectures.
• Drive continuous improvement of security automation, AI security tooling, and processes across traditional and AI workloads.
• Establish security metrics and KPIs to measure team effectiveness, security posture, and AI risk exposure.
• Foster a culture of security awareness and AI security best practices across engineering, data science, and product teams.
• Collaborate with senior/executive management regularly on security strategy, AI risk management, and cross-organizational security initiatives.

Benefits

• bonus/commission (as applicable)
• equity
• benefits