DevSecOps & Supply Chain Security Consultant

Hybrid in Tewksbury, MA, US • Posted 6 hours ago • Updated 6 hours ago
Contract Independent
Contract Corp To Corp
Contract W2
12 Months
Hybrid
Depends on Experience

Job Details

Skills

  • CycloneDX
  • SPDX

Summary

Role: DevSecOps & Supply Chain Security Consultant

Work Location: Tewksbury, MA 01876 (Hybrid)

Duration: 6-12 months

Role Summary

Assess software supply chain security, SDLC maturity, SBOM governance, CI/CD pipeline controls, secrets management, logging/auditability, and vulnerability management to support lifecycle security evaluation and compliance traceability.

Key Responsibilities

Review SDLC processes, tooling, and secure development practices

Assess software supply chain security, including SCA, SBOM accuracy/completeness, dependency governance, and third-party risk

Evaluate CI/CD pipeline security, artifact integrity, and secure release controls

Review secrets management across development, build, deployment, and operational environments

Assess logging, auditability, and security event traceability controls

Evaluate vulnerability management, remediation tracking, and patch governance processes

Support lifecycle security assessment, compliance evidence mapping, and traceability

Contribute to assessment reporting, remediation guidance, and release governance reviews

Required Skills & Experience

Mandatory:

Strong understanding of DevSecOps and secure software delivery practices

Experience with SBOM frameworks (CycloneDX, SPDX) and SCA tooling

Familiarity with CI/CD security controls and artifact integrity validation

Experience with vulnerability management and dependency governance programs

Understanding of lifecycle security, auditability, and compliance evidence requirements

Experience with secrets management and secure release governance

Good to have:

Experience participating in CRA or regulated product security assessments, or compliance-driven cybersecurity assessments

Experience participating in engagements related to export-controlled environments

Strong documentation skills

Preferred Certifications

Kubernetes / Cloud Security certifications preferred

DevSecOps or secure software supply chain experience preferred

Familiarity with SLSA or modern software supply chain security practices

Clearance / Compliance Requirements

Years of Required Experience

7-10 years setting up, maintaining, and validating controls for secure CI/CD pipelines across different types of tech stack.

2+ Years experience with SBOM analysis

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.
  • Dice Id: 10110007
  • Position Id: DevSecOps
  • Posted 6 hours ago
Contact the job poster

Lisa Paul

Recruiter @ Compugra Systems
