Software Security Lead

Software Security Lead –
Reporting to: Software Security Manager
Role Mission
The Software Security Lead operates under the direction of the Software Security Manager who owns and Key Responsibilities
1. Software Security Governance & Standardization
- Execute the Secure SDLC framework defined by the Software Security Manager.
- Contribute to the evolution of security policies standards and development guidelines.
- Support project teams in applying secure coding design and architectural best practices.
- Maintain security documentation templates and technical guidance.
2. CI/CD Security & DevSecOps Integration
- Integrate security controls into CI/CD pipelines in cooperation with DevOps teams.
- Automate SAST DAST SCA dependency scanning and container security checks.
- Ensure CI/CD environments remain compliant with the Secure SDLC and PCInDSS requirements.
3. Risk Analysis PCInDSS Compliance & Audits
- Support the Software Security Manager in implementing PCInDSS development controls.
- Prepare engineering teams for internal partner and external audits.
- Maintain compliance evidence and ensure traceability of security activities.
4. Vulnerability Lifecycle Management
- Lead vulnerability detection analysis triage and remediation activities.
- Monitor SLAs escalate blockers and ensure closure of findings as per internal expectations.
- Contribute to security incident analysis and corrective action plans.
5. Team Enablement & Security Awareness
- Train development QA and DevOps teams on secure coding and SSDLC best practices.
- Promote security awareness and proactive risk identification across the business unit
- Act as the first line of technical support for software security questions and escalations.
Required Skills
Technical Skills
- Strong understanding of application security frameworks (OWASP CWE NIST SSDF).
- Handsnon experience with SAST DAST SCA container scanning secrets management.
- Familiarity with technology stack (Java C UNIX PowerCARD ecosystem).
- Strong understanding of DevOps toolchains and multi-site CI/CD operations.
Security & Compliance Skills
- Practical experience implementing SSDLC and DevSecOps principles.
- Knowledge of PCInDSS v4.0 requirements related to software development.
- Experience managing vulnerability lifecycle and coordinating with technical teams.
- Ability to support audits compliance reporting and corrective actions.
Leadership & Cross-Functional Skills
- Effective communication with technical teams and management.
- Ability to influence challenge and coach teams.
- Strong analytical skills and structured problemnsolving.
- Excellent teamwork across multiple company locations.
Profile
- Master’s degree in Computer Science Cybersecurity Engineering or equivalent.
- 8–12 years in application security DevSecOps or secure architecture roles.
- Experience in payments or regulated industries is a strong plus.
Key Performance Indicators (KPIs)
- Vulnerability remediation SLA performance.
- PCInDSS compliance readiness and audit outcomes.
- Security control integration coverage in CI/CD pipelines.
- Reduction of repeated vulnerabilities.
- SSDLC adoption and maturity.
- Quality of reporting to the Software Security Manager.
Scope & Collaboration
- Daily collaboration with Development QA DevOps Cybersecurity Infrastructure Project & Product teams.
- Influence across the entire business unit.