Overview
Remote
$60 - $65
Contract - W2
Contract - Independent
10% Travel
Skills
DevSecOps
GitHub
Job Details
Job Title: Security Engineering Lead DevSecOps
Location: Remote (U.S.-based, limited travel if needed)
Type: Long-term Consulting Engagement
About the Opportunity
This is a high-impact, high-visibility role ideal for a senior cybersecurity professional with deep experience in DevSecOps, GitHub Enterprise, secret management architecture, and automated code scanning. The role is particularly well-suited for individuals with a consulting background (Big 4 or equivalent) who thrive in large-scale, matrixed enterprise environments.
Role Summary
The Security Engineering Lead DevSecOps will be responsible for improving the security posture of the enterprise's source code and development pipelines. The primary focus will be the identification and remediation of exposed plaintext secrets, such as credentials and tokens, across GitHub repositories. You will build scalable remediation workflows, implement modern tooling (e.g., GitGuardian), and align solutions with enterprise security governance frameworks.
This role involves partnering with DevOps, infrastructure, compliance, and development teams across the enterprise and requires the ability to operate at both strategic and technical levels.
Key Responsibilities
- Lead the DevSecOps strategy and implementation of secure source code practices across the organization.
- Identify and remediate plaintext credentials, tokens, and secrets in GitHub repositories using secret scanning tools like GitGuardian.
- Define and enforce governance policies related to secrets, PATs (Personal Access Tokens), SSH keys, and rogue/public repositories.
- Design and implement scalable remediation workflows via ServiceNow, including SLA tracking, dashboard creation, and reporting mechanisms.
- Guide integration and continuous improvement of tools across Azure DevOps, GitHub Enterprise, and ServiceNow.
- Establish dashboards and KPIs to track code hygiene, remediation progress, and compliance posture.
- Create developer-facing training content and lead outreach campaigns to promote secure coding and repository management best practices.
- Contribute to evaluating AI/GenAI-based tooling for accelerating detection, remediation, and reporting of security issues.
Required Qualifications
- 8+ years of experience in security engineering, DevSecOps, or application security in enterprise-scale environments.
- Deep hands-on expertise in GitHub Enterprise repository management, access controls, and automated scanning workflows.
- Proven success identifying and remediating secrets embedded in source code.
- Experience implementing and managing GitGuardian or comparable secret detection platforms.
- Familiarity with ServiceNow or similar platforms for ticketing, remediation workflows, and SLA tracking.
- Demonstrated ability to design and enforce governance frameworks for code security and secret hygiene.
- Excellent written and verbal communication skills with experience interfacing with technical and executive stakeholders.
- Comfortable using enterprise collaboration tools such as Microsoft Teams and Outlook.
Preferred Qualifications
- Prior experience with Big 4 consultancies, global system integrators, or Fortune 100 enterprises.
- Familiarity with secure SDLC, CI/CD pipeline security, and DevSecOps integrations.
- Understanding of GRC frameworks such as NIST 800-53, CIS Controls, or ISO 27001.
- Exposure to AI/GenAI-enhanced security tools for automation, threat detection, or posture management.
- Experience working with offshore/onshore security delivery teams.