DevSecOps & Supply Chain Security Consultant

Cloudious LLC


Job Location:

Tewksbury, MA - USA

Monthly Salary: Not Disclosed
Posted on: 2 days ago
Vacancies: 1 Vacancy

Job Summary

Role: DevSecOps & Supply Chain Security Consultant

Work Location: Tewksbury, MA 01876 (Hybrid)

Type: C2C

Role Summary

Assess software supply chain security, SDLC maturity, SBOM governance, CI/CD pipeline controls, secrets management, logging/auditability, and vulnerability management to support lifecycle security evaluation and compliance traceability.

Key Responsibilities

  • Review SDLC processes, tooling, and secure development practices

  • Assess software supply chain security, including SCA, SBOM accuracy/completeness, dependency governance, and third-party risk

  • Evaluate CI/CD pipeline security, artifact integrity, and secure release controls

  • Review secrets management across development, build, deployment, and operational environments

  • Assess logging, auditability, and security event traceability controls

  • Evaluate vulnerability management, remediation tracking, and patch governance processes

  • Support lifecycle security assessment, compliance evidence mapping, and traceability

  • Contribute to assessment reporting, remediation guidance, and release governance reviews

Required Skills & Experience

Mandatory:

  • Strong understanding of DevSecOps and secure software delivery practices

  • Experience with SBOM frameworks (CycloneDX, SPDX) and SCA tooling

  • Familiarity with CI/CD security controls and artifact integrity validation

  • Experience with vulnerability management and dependency governance programs

  • Understanding of lifecycle security, auditability, and compliance evidence requirements

  • Experience with secrets management and secure release governance

Good to have:

  • Experience participating in CRA or regulated product security or compliance-driven cybersecurity assessments

  • Experience participating in engagements related to export-controlled environments

  • Strong documentation skills

Preferred Certifications

  • Kubernetes / Cloud Security certifications preferred

  • DevSecOps or secure software supply chain experience preferred

  • Familiarity with SLSA or modern software supply chain security practices

  • Clearance / Compliance Requirements

Years of Required Experience

  • 7-10 years setting up, maintaining, and validating controls of secure CI/CD pipelines across different types of tech stacks

  • 2 years of experience with SBOM analysis
