DevSecOps Lead
Job Summary
ABOUT US
PHINIA: Advancing sustainability today, powering a cleaner tomorrow.
PHINIA is an independent, market-leading premium solutions and components provider with over 100 years of manufacturing expertise and industry relationships, with a strong brand portfolio that includes DELPHI, DELCO REMY and HARTRIDGE. With over 12,500 employees across 43 locations in 20 countries, PHINIA is headquartered in Auburn Hills, Michigan, USA.
At PHINIA we provide fuel systems, electrical systems, and aftermarket products and solutions of the highest quality, developed and manufactured responsibly, that are designed to enhance efficiency and reduce the environmental impact of vehicles, industrial machinery and other doing so we contribute to a cleaner tomorrow, treat our people and surrounding communities with respect, and hold ourselves accountable to robust ethical standards.
Our Culture
PHINIA promotes and cultivates an inclusive culture and diverse perspectives, strives to maintain its reputation for excellence, thrives on the power of collaboration, and fosters the development of our talented employees. We believe in making a positive impact through our business and actions, and we take our collective responsibility seriously.
Career Opportunities
We believe in building a brighter tomorrow for our employees as well as our customers, and encourage you to learn about our long history, strong culture, new technologies, and future vision. We offer a strong local presence and interesting global opportunities. Join us on this shared journey toward a brighter tomorrow.
JOB PURPOSE
PHINIA is seeking a DevSecOps Lead to own the strategy and execution of secure software delivery across PHINIA. This role embeds security-by-design into CI/CD pipelines and infrastructure-as-code, enables shift-left testing, and drives operational resilience (observability, reliability, and recovery) for applications and services. Partnering with Infrastructure Security Architecture and Application teams, the DevSecOps Lead standardizes tooling and practices globally to improve speed, stability, and security of releases while optimizing cost and reducing risk.
Key Responsibilities
Own the vulnerability remediation program across infrastructure (servers, endpoints, network, cloud, containers), driving SLA-based closure of CVEs, configuration drift, and misconfigurations.
Lead penetration test finding remediation: triage issues, assign owners, track fixes to closure, validate compensating controls, and report status to Security leadership.
Drive End-of-Life (EOL/EOS) remediation for OS, middleware, databases, network devices, and toolchains; plan upgrades/migrations and enforce standards to eliminate unsupported tech.
Run a cross-functional Security Operations cadence with Security, Infrastructure, and Application teams: prioritize risks, coordinate change windows, remove blockers, and publish weekly progress dashboards.
Maintain a risk-based backlog of security defects (CVEs, pentest items, EOL tech, policy gaps), aligning remediation to business impact, asset criticality, and exploitability.
Operationalize scanning and detection: ensure continuous vulnerability scanning, cloud posture assessment, container image scanning, and config baselines are in place and healthy.
Integrate remediation into ITSM workflows (Incident/Problem/Change); define RFC packages, backout plans, and test evidence, and ensure CAB approvals for security changes.
Partner with Cloud/Infra teams to enforce secure baselines (CIS hardening guides), Zero Trust controls, network segmentation, and identity-aware access for privileged operations.
Establish and track remediation SLAs, MTTR, risk burndown, and coverage metrics; escalate non-compliance and drive executive visibility on risk posture.
Coordinate patch management motion: monthly cycles, emergency out-of-band patches, and validation/telemetry for success rates; reduce maintenance window impact.
Ensure asset/CMDB accuracy and criticality tagging to improve scan coverage, prioritization, and reporting fidelity.
Embed security into pipelines where applicable (e.g., infra as code scanning, container/Docker/K8s policy checks) and enforce SBOM usage for infrastructure artifacts.
Produce clear reporting for leadership: trends, blocked items, high-risk assets, EOL exposure, pentest closure rates, and upcoming change plans.
Drive automation-first remediation (PowerShell/Python/Ansible/Terraform modules), at-scale config enforcement, and auto-ticketing/auto-patching where feasible.
Collaborate with SOC/Detection teams to validate exploit attempts, correlate findings with vulnerabilities, and prioritize urgent remediations.
Lead readiness exercises (tabletops, DR/BCP touchpoints) for security changes with high blast radius; ensure rollback validation and communications plans.
Coach infra/app teams on secure operations practices, EOL planning, and remediation playbooks; foster a culture of security-by-default in day-to-day operations.
What we're looking for
Bachelor's or master's degree in Computer Science, Information Systems, or equivalent work experience.
8 years in DevOps/Platform/SRE or Application Security, with 3 years leading DevSecOps or platform teams in an enterprise environment.
Hands-on leadership of CI/CD platforms and pipelines (e.g., Azure DevOps/GitHub/GitLab or equivalent), artifact and container registries.
Infrastructure-as-Code and configuration automation (Terraform, ARM/Bicep, Helm, Ansible) across hybrid cloud and Kubernetes/container platforms.
Security tooling and practices: SAST, SCA, DAST, container/image scanning, IaC scanning, secrets management, SBOM/provenance, policy-as-code (e.g., OPA).
Track record of coaching teams, simplifying complex problems, and delivering measurable improvements in lead time, change failure rate, MTTR, and security posture.
Cloud/platform (Azure/AWS/GCP), security (e.g., CISSP, CCSP, GIAC, SC100/SC200), DevOps/SRE (e.g., DORA/DevOps Institute SRE Foundation), and Kubernetes (CKA/CKS).
WHAT WE OFFER
We provide compensation and benefits programs intended to attract, motivate, reward, and retain an incredibly talented, globally diverse workforce at all levels within our organization. Our compensation programs are informed by market data and business needs, and we are committed to providing equitable and competitive compensation. We are committed to providing our team with quality and competitive benefit programs, including health and well-being resources, family-centric policies, and an agile workplace program, where not precluded by collective bargaining agreements or national statutory plans. Plans are benchmarked for competitiveness and value.
We provide formal development opportunities at all levels and stages of employee careers. These opportunities are delivered in a variety of formats to make our portfolio of solutions agile, sustainable, and scalable to support our employees in developing the skills needed to succeed.
WHAT WE BELIEVE
Product Leadership - Innovation that brings value to our customers
Humility - Seeking out diverse perspectives and working collaboratively
Inclusivity - Recognizing our differences makes us stronger; we are bold and intentional
Net-Zero - Committed to energy efficiency, waste reduction, and beneficial reuse
Integrity - Taking responsibility for our decisions and doing what is right
Accountability - Taking ownership of our actions and driving results
SAFETY
You will consistently hear us say "Safety First!" We are committed to continually improving our strong safety performance, supporting the health and wellness of our employees!
We also believe employee health and safety is everyone's responsibility. We encourage safety learning and collaboration to help employees understand and follow applicable safety policies, standards, and procedures, and identify opportunities to minimize or eliminate risk. Work is expected to be conducted in a manner that stresses the importance of preventing incidents and illnesses, including attending all required safety meetings and trainings. It is expected that all incidents, near misses, and unsafe conditions are immediately reported to the direct manager, Human Resources, or Safety Representative.
EQUAL EMPLOYMENT OPPORTUNITY
PHINIA is an equal employment opportunity employer such that all qualified applicants will receive consideration for employment without regard to race, color, age, religion, sex, sexual orientation, gender identity/expression, national origin, disability, or protected veteran status.
VISA SPONSORSHIP
PHINIA does provide sponsorship for employment visa status based on business need. However, for this role, applicants must be currently authorized to work on a full-time basis in the country where the position is currently based.
NO UNAUTHORIZED REFERRALS FROM RECRUITERS & VENDORS
Please note that PHINIA does not seek or accept unsolicited resumes or offers from third-party recruiters or staffing agencies associated with any published or unpublished employment opportunities. Any unsolicited information sent to PHINIA will be considered as unencumbered and free from any fee or charge whatsoever. Only members of our Human Resources Team have the authority to engage or authorize recruiting services, which must be agreed upon before the unsolicited resume or offer is received.
GLOBAL TERMS OF USE AND PRIVACY STATEMENT
Carefully read the PHINIA Privacy Policy before using this website. Your ability to access and use this website and apply for a job at PHINIA are conditioned on your acceptance and compliance with these terms.
Please access the linked document by clicking here, select the geographical area where you are applying for employment, and review.
Before submitting your application, you will be asked to confirm your agreement with the terms.
Career Scam Disclaimer:
PHINIA makes no representations or guarantees regarding employment opportunities listed on any third-party website. To protect against career scams, job applicants should take the necessary precautions when interviewing for and accepting employment positions allegedly offered by PHINIA. Applicants should never provide their national ID numbers, birth dates, credit card numbers, bank account information, or other private information when communicating with prospective employers or responding to employment opportunities online. Job applicants are invited to contact PHINIA through PHINIA's website to verify the authenticity of any employment opportunities.
Advancing sustainability today, powering a cleaner tomorrow. Join us on this shared journey to a brighter tomorrow. For more information about PHINIA please visit .
About Company
PHINIA is leading the market through world-leading systems, products and solutions with a focus on our customers.