DevSecOps Architect Code & Supply Chain Security Expert

DevSecOps Architect Code & Supply Chain Security Expert

Location: Bellevue
Job Type: Full-time
Department: Engineering / Security Architecture

Job Overview:

We are seeking a hands-on DevSecOps Architect with strong coding expertise and a deep understanding of software supply chain security. This role is perfect for someone who thrives at the intersection of DevOps, security, and development, and wants to lead enterprise-grade initiatives around securing CI/CD pipelines, third-party dependencies, containers, and infrastructure as code.

Key Responsibilities:

1. DevSecOps & Software Architecture

• Architect and implement secure-by-design systems across CI/CD pipelines, microservices, and IaC.
• Integrate security gates and guardrails into development workflows without compromising agility.
• Establish scalable and reproducible DevSecOps practices across development teams.

1. Secure Coding & Automation

• Write and review secure code in languages such as Python, Go, Java, or Node.js.
• Develop custom security tooling to enforce policies and detect vulnerabilities.
• Build reusable automation scripts for secure code deployments and infrastructure provisioning.

1. Software Supply Chain Security

• Implement end-to-end supply chain security including:
• Dependency scanning (e.g., Snyk, Mend, OWASP Dependency-Check)
• Provenance tracking and SBOM management (e.g., CycloneDX, SPDX, Sigstore)
• Artifact signing and verification in CI/CD workflows
• Secure open-source usage and manage third-party component risks with proper version control, license checks, and trust policies.

1. Cloud & Container Security

• Secure container ecosystems (Docker, Kubernetes) using tools like Trivy, Grype, Falco, Kube-bench.
• Design secure deployments for AWS, Azure, or Google Cloud Platform including IAM, network security, and encryption strategies.
• Implement runtime protection and secure service meshes (e.g., Istio with mTLS).

1. Security Governance & Collaboration

• Define and implement DevSecOps KPIs and dashboards for leadership visibility.
• Collaborate with DevOps, Engineering, and GRC teams to align on compliance and risk management.
• Mentor developers and DevOps engineers on secure coding and pipeline hygiene.

Required Skills & Experience:

• 8+ years of experience in DevOps/DevSecOps, with 3+ years specifically focused on security architecture.
• Hands-on experience coding in Python, Go, JavaScript/TypeScript, or similar.
• Deep expertise in software supply chain risks, artifact trust, and open-source security.
• Proven experience integrating security tools into CI/CD pipelines (e.g., Jenkins, GitLab, GitHub Actions, Azure DevOps).
• In-depth knowledge of container security, IaC security, and zero-trust architecture.
• Familiarity with SSDF (Secure Software Development Framework) and NIST 800-218 guidelines.

Preferred Qualifications:

• Experience with Sigstore, Cosign, in-toto, or Grafeas for securing supply chain workflows.
• Familiar with tools like Sonatype Nexus, JFrog Artifactory, or Harbor.
• Certifications:
• CKS (Certified Kubernetes Security Specialist)
• AWS/Google Cloud Platform/Azure Security Architect Certification
• CNCF s Software Supply Chain Security Training