The role

As the DevSecOps Manager at our company, you will lead a team dedicated to securing both modern and traditional infrastructure. Your primary responsibility will be to create and implement the overarching DevSecOps strategy while ensuring governance and alignment with security best practices. You will be providing an enterprise support to all of our platforms. You will act as a key resource and support for all areas, driving security initiatives and ensuring robust protection across the groups platforms.

The DevSecOps team is part of Cyber Security, which also includes Product Security and Offensive Security. As manager, you will oversee security practices across the SDLC, cloud environments, CI/CD pipelines, and critical infrastructure, working closely with engineering and DevOps teams to integrate secure solutions throughout the development lifecycle.

Responsibilities

• DevSecOps Strategy & Governance: Develop and implement the overarching strategy for securing infrastructure, ensuring governance and adherence to security controls across all platforms.
• Platform Focus Areas: Provide group level strategic direction to DevSecOps specialists who focus on our specific platforms, while ensuring cross-platform collaboration when required.
• Cross-Platform Expertise: Ensure that DevSecOps specialists work across different platforms when their expertise is needed, such as in implementing new enterprise security tooling or policies.
• Infrastructure Security: Lead efforts to secure modern and traditional infrastructure, including Kubernetes, OpenStack, AWS, Docker, network, databases, and SDLC security.
• Pipeline & Tooling Security: Oversee the implementation and maintenance of security tooling within the development pipeline, for example Snyk, SonarQube, and Burp Suite Enterprise.
• Collaborative Security Initiatives: Partner with DevOps teams to assist with hands-on security implementations and develop security policies, for example as Kubernetes or AWS hardening.
• Security Awareness & Training: Promote a culture of security awareness through training and best practices, ensuring alignment with the latest DevSecOps standards.
• Team Leadership: Oversee day-to-day operations of the DevSecOps team, set objectives, and monitor key results to ensure successful project delivery.
• Resource & Budget Planning: Manage team resources, allocate budgets, and ensure efficient use of solutions and services within your scope.
• Performance & Development: Provide coaching, training, and performance feedback to team members, fostering their professional growth.

Requirements

• Experience:
  • 5+ years of experience in security-related domains such as cloud security, infrastructure security, or Kubernetes security.
  • 3+ years of experience managing a team, with a proven track record in driving security initiatives.
  • Hands-on knowledge in securing cloud environments (AWS, OpenStack), modern infrastructure (Kubernetes, Docker), and traditional infrastructure (network, databases).
  • Hands-on knowledge in securing the CI/CD and the SDLC.
  • Familiarity with development/scripting experience (Java, Python, Bash).
  • Familiarity with GenAI
• Technical Skills:
  • Expertise in implementing security controls within the SDLC.
  • Proficiency in cloud-native security tools and infrastructure-as-code.
• Communication & Leadership:
  • Excellent communication skills, able to engage technical and non-technical stakeholders.
  • Strong leadership abilities, able to coach and develop a high-performing team.
• Organizational Skills:
  • Skilled in managing resources, setting objectives, and ensuring successful cross-platform collaboration.
  • Ability to prioritize tasks, manage budgets, and make key decisions.
• Certifications:
  • GCLD, GSEC, GCPN, GSCA, AWS Certified Security Specialist, or equivalent certifications.

Ensure that you, and your team, adhere to the Governance, Risk & Compliance (GRC) obligations within your direct responsibility and control.

Ensure any non-compliance incidents within your team are raised through the appropriate channels (Compliance Incidents Process) and that your team are informed of any reporting processes relevant to them.

Challenge processes, policies and projects that will negatively impact compliance within the Group.

Ensure your team's completion of all mandatory compliance trainings within the set deadline.

Reach out to the Compliance Teams if unsure of any of your compliance obligations or the requirements are unclear.

LI-HYBRID #LI-ML1 #LI-MM1