As a key member of the Cyber/IT team with robust interaction across other functions – Product, Engineering and GRC – the DevSecOps Director will be critical to the realization of DevSecOps principles and best practices at Blockchains. The key responsibility of the role is to requite executive sponsorship for DevSecOps in Blockchains with strong communications, process and procedural alignment, KRI/KPI-driven decisioning and tight allocation of resources across functions to drive security and innovation, both at scale, in software engineering, builds and deployments.
The ideal candidate has tactical or leadership skills and experience in development and IT operations as well as demonstrable cybersecurity savvy – a security-first mindset – and is able to analyze issues, articulate solutions, coach/mentor responsibilities for key functional groups, and catalyze action to advance us on our journey to DevSecOps excellence.
- Bridge Product, Engineering and Cyber/IT teams’ application-security (app-sec) initiatives – strategic, architectural, tooling and operational – including navigated refinements to policy, process, procedural, technical and other provisions.
- Align cross-functionally on issues and direction, clearly communicated, and mobilize action across teams and per consensus on an action plan to ensure code and operational integrity.
- Responsible for vulnerability management, and core contributor to exception and release management – and driver of applicable reporting across platforms and products.
- Develop, define and sustain security standards and best practices around a zero-trust approach.
- Manage app-sec lifecycle of architecture, tooling and operations:
- Work productively with Engineering and Cyber/IT teams to accelerate momentum for CI/CD pipeline automation – from tooling and governance (process, procedures and playbooks) perspectives – and motivate app-sec champions to own and drive adherence to standards. Serve as point of contact for product teams on all such matters.
- Enable and champion constant refinement in DevSecOps practices, including automation of SAST, DAST, IAST, MAST along with threat modeling, code peer reviews, penetration testing, security remediation and security monitoring/incident response enablement.
- Manage cross-functional Cyber/IT, GRC and Engineering projects:
- Evaluate risk of proposed action or of inaction, with cost/benefit analyses – may relate to new technologies, operational adjustments or apply to other scenarios.
- Identify new tools or innovate on existing provisions, tooling or procedural, to drive new efficiencies and to augment impact of DevSecOps capacity and performance.
- Identify and propose controls for risks, technical or operational, crafting appropriate governance apparatus for review, refinement and adoption by team(s) upon approval.
- Coach so as to enable security champions and raise awareness – in peer-to-peer training, workshops or less structured initiatives – of DevSecOps principles and practices, and work with team members across functions to drive corresponding tactics.
US Located Required: Yes
Schedule: Full time