DevSecOps Architect

Overview

On Site
Contract - W2
Contract - 26 Month(s)

Skills

Software Development Methodology
Embedded Systems
Threat Modeling
Workflow
Development Testing
Security QA
Management
Test Methods
Software Security
SCA
Penetration Testing
Security Controls
Testing
Automated Testing
Scalability
Risk Management
SANS
HIPAA
PCI DSS
Risk Assessment
Auditing
Continuous Improvement
Documentation
Training
Scripting
Python
Java
Ruby
Docker
Vulnerability Management
Regulatory Compliance
CISSP
CISM
Kubernetes
IT Operations
Cyber Security
FOCUS
DevOps
Communication
Collaboration
Analytical Skill
JFrog
OWASP
Jenkins
GitHub
GitLab
Continuous Integration and Development
Command-line Interface
Version Control
Git
Cloud Computing
Amazon Web Services
Microsoft Azure
Google Cloud Platform
Google Cloud
DevSecOps
Pivotal
Software Development
Continuous Integration
Continuous Delivery
SAP
Salesforce.com

Job Details

Hi, Everyone

******W2 CONTRACT ONLY***W2 CONTRACT ONLY***W2 CONTRACT ONLY******

100% Closure & Long-term project, Immediate Interview Surely

ALL VISA TYPES ARE ACCEPTABLE (Except EAD)

Job Title: DevSecOps Architect

Location: REMOTE (onsite once a month in San Diego, CA)

Job Description:

The DevSecOps Architect is a senior technical role responsible for embedding security best practices throughout the software development lifecycle (SDLC), ensuring that security is a foundational element from design through deployment and operations. This position will lead the integration of security into CI/CD pipelines across diverse platforms, including SAP, Salesforce, and other enterprise systems. The ideal candidate will possess deep expertise in security testing methodologies such as Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST), and will be adept at automating and orchestrating security controls within modern DevOps workflows.

Key Responsibilities

1. Security Integration Across the SDLC

  • Champion and implement security by design, ensuring security considerations are embedded from the initial design phase through to deployment and maintenance.

  • Develop and enforce secure coding standards, conduct threat modeling, and perform security risk assessments during the planning and design phases.

  • Lead the adoption of best practices for continuous security testing, including regular security audits and reviews to maintain an effective security posture.

2. CI/CD Pipeline Development and Integration

  • Architect, implement, and maintain CI/CD pipelines for SAP, Salesforce, and other platforms, leveraging both platform-specific and general-purpose automation tools.

  • Integrate automated security testing (SAST, DAST, SCA) into CI/CD workflows to ensure vulnerabilities are identified and remediated early in the development process.

  • Collaborate with development, QA, and operations teams to streamline deployment processes and ensure secure, reliable software delivery.

3. Security Testing and Automation

  • Select, configure, and manage SAST and DAST tools, ensuring they are effectively integrated into development and deployment pipelines.

  • Oversee the implementation of additional security testing methodologies such as Interactive Application Security Testing (IAST), Software Composition Analysis (SCA), and penetration testing.

  • Automate security controls and testing to provide continuous feedback and reduce manual intervention.

4. Platform-Specific Security and CI/CD

  • Design and implement CI/CD pipelines tailored for SAP environments, utilizing SAP's Continuous Integration and Delivery services and ensuring compliance with SAP-specific requirements.

  • Develop and maintain CI/CD processes for Salesforce, leveraging Salesforce CLI, version control, and automated testing frameworks to meet platform-specific deployment and security needs.

  • Extend DevSecOps practices to other enterprise platforms as required, ensuring consistency and scalability across the organization.

5. Governance, Compliance, and Risk Management

  • Ensure all security practices align with industry standards (e.g., OWASP Top Ten, CWE/SANS Top 25) and regulatory requirements (e.g., GDPR, HIPAA, PCI DSS).

  • Conduct regular security risk assessments and audits, and provide actionable recommendations for continuous improvement.

  • Maintain documentation and provide training to development and operations teams on secure development and deployment practices.

Required Skills and Qualifications

Technical Skills

  • Deep expertise in SAST and DAST tools and methodologies, with hands-on experience integrating these into CI/CD pipelines.

  • Proficiency in programming and scripting languages (e.g., Python, Java, Ruby) and familiarity with DevOps tools (e.g., Docker, Kubernetes, Jenkins, GitHub Actions, GitLab CI).

  • Strong understanding of cloud-native technologies and public cloud platforms (AWS, Azure, Google Cloud Platform).

  • Experience with SAP and Salesforce development, deployment, and security best practices.

Security and Compliance

  • In-depth knowledge of secure coding practices, vulnerability management, and security automation.

  • Familiarity with compliance frameworks and the ability to implement controls to meet regulatory requirements.

Certifications (Preferred)

  • Certified DevSecOps Engineer (CDSOE), Certified DevSecOps Professional (CDP), or EC-Council Certified DevSecOps Engineer (E|CDE).

  • General security certifications such as CISSP or CISM.

  • Cloud and DevOps certifications (e.g., Certified Kubernetes Security Specialist, AWS/Azure security certifications).

Experience

  • Several years of experience in software development, IT operations, or cybersecurity, with a focus on integrating security into DevOps processes.

  • Demonstrated experience architecting and implementing CI/CD pipelines for SAP, Salesforce, and other enterprise platforms.

Soft Skills

  • Strong communication and collaboration skills to work effectively with cross-functional teams.

  • Analytical mindset with the ability to assess risks and propose effective mitigation strategies.

  • Commitment to continuous learning and staying updated with the latest security trends and tools.

Key Tools and Technologies

  • SAST Tools: JFrog, Checkmarx, SonarQube, Veracode, Semgrep, Snyk Code.

  • DAST Tools: OWASP ZAP, Burp Suite, and other leading DAST solutions.

  • CI/CD Platforms: Jenkins, GitHub Actions, GitLab CI, SAP Continuous Integration and Delivery, Salesforce CLI.

  • Version Control: Git and related branching/merging strategies.

  • Cloud Platforms: AWS, Azure, Google Cloud Platform.

Summary

The DevSecOps Architect is a pivotal role that ensures security is seamlessly integrated into every phase of the software development and deployment lifecycle. By leveraging expertise in SAST, DAST, CI/CD pipeline automation, and platform-specific best practices for SAP, Salesforce, and other systems, this role drives the organization's ability to deliver secure, reliable, and compliant software at scale.

NOTE: Please share Updated Resumes to or call me .

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.