Development Security & Operations Architect (DevSecOps)

HP


Job Location:

Bengaluru - India

Monthly Salary: Not Disclosed
Posted on: 30+ days ago
Vacancies: 1 Vacancy

Job Summary

Description -

About the Role

We are seeking a DevSecOps Architect to lead the integration of security practices into the software development lifecycle (SDLC) through a Shift Left strategy and Secure by Design principles. This role will be pivotal in transforming how our engineering and security teams collaborate, ensuring security is baked in from the first line of code to deployment and beyond.

You'll work cross-functionally with development, cloud engineering, platform, security, and governance teams to design and implement scalable, automated, and developer-friendly security solutions.

Key Responsibilities

Strategy & Architecture

  • Design and drive the implementation of a DevSecOps architecture and roadmap aligned with Shift Left and Secure by Design goals.
  • Define and evangelize security reference architectures, patterns, and guardrails for modern application development (microservices, APIs, containers, serverless, etc.).
  • Evaluate and select best-in-class tools for static and dynamic analysis, container scanning, SBOM, secrets detection, and IaC security.

People & Enablement

  • Serve as a security advocate and trusted advisor for developers, product owners, and SREs.
  • Build a developer-centric security culture through enablement, office hours, and targeted secure coding workshops.
  • Create role-specific learning paths and work with L&D teams to deliver security training tailored for developers, testers, and DevOps engineers.

Process Integration

  • Embed security checkpoints in Agile/DevOps pipelines, CI/CD workflows, and SDLC ceremonies.
  • Establish automated security gates in CI/CD processes without impacting velocity.
  • Define and continuously improve security SLAs and feedback loops based on metrics and lessons learned from incidents.

Tooling & Automation

  • Incorporate and automate SAST, DAST, SCA, container scanning, IaC scanning, and secret detection tools within developer toolchains and CI/CD pipelines.
  • Drive adoption of Security as Code, including policies (OPA/Rego), Infrastructure as Code scanning, and automated remediation playbooks.
  • Build centralized visibility through dashboards and metrics for leadership on vulnerabilities, remediations, and coverage.

Expected Business Outcomes

  • Reduced Security Vulnerabilities
  • Faster Software Delivery
  • Fewer Escalations
  • Improved Compliance
  • Cost Savings

Required Qualifications

  • 7 years in software security, DevSecOps, or application architecture roles, with 3 years in a lead or architecture role.
  • Proven success implementing Shift Left security practices and Secure by Design principles at scale.
  • Deep understanding of modern SDLCs, Agile methodologies, and DevOps culture.
  • Hands-on experience with CI/CD platforms (GitHub Actions, GitLab CI, Jenkins, Azure and AWS DevOps, etc.).
  • Experience integrating and operating tools such as:
    • SAST: Checkmarx, Veracode, SonarQube
    • DAST: OWASP ZAP, Burp Suite Pro
    • SCA: Snyk, Black Duck, Mend
    • Secrets Detection: GitGuardian, TruffleHog
    • Container/IaC Security: Prisma Cloud, Aqua, Sysdig, Checkov
  • Knowledge of threat modeling (e.g. STRIDE, PASTA) and secure software development frameworks (e.g. BSIMM, OWASP SAMM).
  • Experience with cloud-native architectures (AWS, Azure, GCP) and Kubernetes security best practices.

Preferred Qualifications

  • Certifications: CSSLP, GIAC GWAPT/GDSA, CISSP, or AWS/GCP security certifications.
  • Experience designing governance frameworks for product security at scale.
  • Familiarity with zero trust principles and how they relate to application and cloud security.
  • Experience working in regulated environments (e.g. healthcare, financial services, government).

Job -

Data & Information Technology

Schedule -

Full time

Shift -

No shift premium (India)

Travel -

Relocation -

Equal Opportunity Employer (EEO) -

HP Inc. provides equal employment opportunity to all employees and prospective employees, without regard to race, color, religion, sex, national origin, ancestry, citizenship, sexual orientation, age, disability, or status as a protected veteran, marital status, familial status, physical or mental disability, medical condition, pregnancy, genetic predisposition or carrier status, uniformed service status, political affiliation, or any other characteristic protected by applicable national, federal, state, and local law(s).

Please be assured that you will not be subject to any adverse treatment if you choose to disclose the information requested. This information is provided voluntarily. The information obtained will be kept in strict confidence.

For more information, review HP's EEO Policy or read about your rights as an applicant under the law here: Know Your Rights: Workplace Discrimination is Illegal

Key Skills

  • Splunk
  • Compliance Management
  • IDS
  • SOC
  • Cybersecurity
  • Identity & Access Management
  • Security
  • Information Security
  • Process Engineering
  • Metadata
  • Encryption
  • SIEM