DevSecOps & Application Security Lead

Remote Full-time
We are looking for a DevSecOps and Application Security Lead to join our team and build our application security from scratch. In this role, you will lead the security direction within our department, focusing on integrating security into the software development process. By balancing automation with practical DevSecOps practices, you will help our engineering teams find and fix vulnerabilities early, ensuring our products are safe and strong without slowing down development.

Responsibilities

Build the DevSecOps/AppSec function from scratch, and create the roadmap, KPIs, and metrics for leadership

Create secure development processes, including release security gates and vulnerability management

Choose, configure, and integrate security scanners (SAST, SCA, secrets) with a focus on automation and AI-assisted workflows

Integrate security checks into pipelines and development processes together with Engineering, DevOps, and Product teams

Run threat modeling and security reviews for high-risk systems and major architecture changes

Create clear security standards, checklists, and practical guidelines for developers (covering code, APIs, and secrets)

Launch and grow a Security Champions program to involve engineers in security processes

Help investigate incidents related to application vulnerabilities, leaked secrets, and supply-chain attacks

Requirements

5+ years of experience in DevOps, SRE, Platform Engineering, or related infrastructure/security roles

3+ years focused on DevSecOps and Application Security

1+ years in a lead/ownership role

Deep understanding of modern software development, Git workflows, and hands-on experience integrating security checks into CI/CD pipelines without creating bottlenecks

Practical experience with SAST, SCA, secrets scanning, and vulnerability management (triage, risk rating, remediation, and validation)

Ability to select and scale security tools based on accuracy, false-positive rates, and developer experience

Strong knowledge of web/API/mobile risks (OWASP Top 10, auth, supply-chain risks) and ability to run threat modeling and secure design reviews

Good scripting skills (Python, Bash, or similar) and understanding of cloud-native/containerized environments

Ability to write clear security requirements and guidelines for developers

English - Intermediate+ or higher

Nice to Have

Experience building AppSec/DevSecOps functions from scratch or early maturity stages

Hands-on experience with tools like Snyk, Aikido, Semgrep, Trivy, Gitleaks, GitHub/GitLab Security, or SonarQube

Experience with cloud/IaC security, Kubernetes, and mobile app security

Knowledge of compliance standards (SOC 2, ISO 27001, PCI DSS, DORA) and experience with Bug Bounty or pentest coordination

Experience with Security Champions programs and AI-assisted security tools

We offer

20 paid vacation days per year

10 paid sick leave days per year

Public holidays as per the company’s approved Public holiday list

Medical budget

Opportunity to work remotely

Professional education budget

Language learning budget

Wellness budget (gym membership, sports gear and related expenses)