Overview
Unlock Your Potential as a DevSecOps Security Architect
We are seeking an experienced and forward-thinking professional to play a pivotal role in shaping the security posture of our software development lifecycle. If you have a passion for embedding security into every aspect of the process, we want to hear from you.
Responsibilities
Secure SDLC Design: Develop and implement secure software development lifecycle models that align with industry standards such as OWASP, NIST SSDF, or Microsoft SDL.
Security Policy Enforcement: Define and enforce security policies and controls at each phase of the SDLC (requirements, design, implementation, verification, deployment, and maintenance).
Process Alignment: Align our processes with industry standards such as OWASP, NIST SSDF, or Microsoft SDL.
Security Requirement Identification: Identify security requirements for applications and ensure they are properly addressed throughout the development process.
Threat Model Review: Review and update threat models and risk assessments to ensure they are accurate and comprehensive.
Code Review and Scanning: Perform both manual and automated code reviews (SAST, DAST, IAST, SCA) and implement automated scans in CI/CD pipelines (e.g., Jenkins, GitHub Actions).
Security Tool Integration: Integrate security tools (Fortify, Veracode, SonarQube, OWASP ZAP) within DevSecOps environments, ensuring early detection and remediation.
Technical Support: Provide technical support during application security incidents and collaborate with incident response teams when critical vulnerabilities are identified in production.
Training and Development: Design and deliver security awareness training plans for developers, based on OWASP ASVS or Microsoft SDL guidelines.
Requirements
Fluency in English (at least B2+ or C1) and EU nationality.
Bachelor's or Master's degree in Computer Science, Telecommunications, or a related field, with cybersecurity specialization.
At least 3 years of experience in Application Security (AppSec), Secure SDLC, or secure development.
Strong knowledge of OWASP ASVS, OWASP SAMM, threat modeling, and security frameworks.
Experience in code review (manual and automated), vulnerability scanning, and leadership in CI/CD pipelines.
Proficiency with SAST, DAST, and IAST tools, as well as DevOps technologies.
Valuable certifications: CISSP, CSSLP, CEH, OSCP, CISM.
Excellent communication skills and ability to work with multidisciplinary teams, including delivering effective internal training.
Strong analytical mindset and detail-oriented approach.
Proactive and self-driven in critical environments.
Strategic vision with strong cross-functional collaboration skills.
What We Offer
Opportunities for professional growth and continuous learning.
A diverse and inclusive work environment.
Participation in innovative projects at an international level.
Competitive benefits package.
Security Architecture • Madrid, Madrid, SPAIN