Job Description: Strategy & Leadership
- Define and own the DevSecOps and AI Security strategy , roadmap, and operating model aligned to business and regulatory needs.
- Act as a senior advisor to engineering, platform, AI, and product leaders on secure architecture and risk trade-offs.
- Build and scale high-performing DevSecOps and AppSec teams; mentor other team members.
- Represent security in executive forums, client discussions, audits, and risk reviews.
DevSecOps & Platform Security
- Lead security integration across CI/CD pipelines using Jenkins, GitHub/GitHub Actions, and similar tooling.
- Establish enterprise standards for:
- Secure build pipelines
- Secrets management
- IaC security (Terraform / CloudFormation)
- Dependency and supply-chain security
- Drive adoption of automated security controls: SAST, DAST, SCA, API security, container scanning.
Application Security
- Oversee application security programs including threat modeling, secure design reviews, and vulnerability management.
- Monitor and improve the daily operations and BAU activities.
AI / GenAI Security
- Establish guardrails for AI/GenAI solutions , including LLM-based apps, RAG pipelines, and agentic workflows.
- Assess and mitigate risks such as prompt injection, data leakage, insecure integrations, model abuse, and third-party AI risk.
- Embed AI security controls into DevSecOps/MLOps pipelines (MLSecOps).
Governance, Risk & Compliance
- Translate regulatory and client security requirements into practical engineering controls.
- Own security metrics, risk reporting, control evidence, and audit readiness.
Ensure alignment with frameworks such as NIST, ISO 27001, SOC 2, OWASP (including LLM Top 10), and emerging AI standards.
Responsibilities: Strategy & Leadership
- Define and own the DevSecOps and AI Security strategy , roadmap, and operating model aligned to business and regulatory needs.
- Act as a senior advisor to engineering, platform, AI, and product leaders on secure architecture and risk trade-offs.
- Build and scale high-performing DevSecOps and AppSec teams; mentor other team members.
- Represent security in executive forums, client discussions, audits, and risk reviews.
DevSecOps & Platform Security
- Lead security integration across CI/CD pipelines using Jenkins, GitHub/GitHub Actions, and similar tooling.
- Establish enterprise standards for:
- Secure build pipelines
- Secrets management
- IaC security (Terraform / CloudFormation)
- Dependency and supply-chain security
- Drive adoption of automated security controls: SAST, DAST, SCA, API security, container scanning.
Application Security
- Oversee application security programs including threat modeling, secure design reviews, and vulnerability management.
- Monitor and improve the daily operations and BAU activities.
AI / GenAI Security
- Establish guardrails for AI/GenAI solutions , including LLM-based apps, RAG pipelines, and agentic workflows.
- Assess and mitigate risks such as prompt injection, data leakage, insecure integrations, model abuse, and third-party AI risk.
- Embed AI security controls into DevSecOps/MLOps pipelines (MLSecOps).
Governance, Risk & Compliance
- Translate regulatory and client security requirements into practical engineering controls.
- Own security metrics, risk reporting, control evidence, and audit readiness.
Ensure alignment with frameworks such as NIST, ISO 27001, SOC 2, OWASP (including LLM Top 10), and emerging AI standards.