Director of Application and DevSecOps Security

Summary

The Director of Application & DevSecOps Security is responsible for leading the organization’s strategy and execution of secure software development practices across application security, API security, and DevOps (shift-left) initiatives.

This role establishes and enforces SDLC security policies, defines secure design requirements, and builds scalable training programs to embed security into the engineering culture, ensuring the organization can deliver secure, resilient, and compliant solutions at scale.

This leader partners cross-functionally with Engineering, Product, DevOps, and Risk teams to ensure security is integrated early and continuously throughout the development lifecycle.

Your role in our mission

• Define and lead the enterprise Application Security and DevSecOps strategy aligned to business objectives.
• Build and mature a shift-left security program integrated into CI/CD pipelines.
• Establish and implement roadmap for API security, including governance, discovery, and runtime protection.
• Balance governance with enablement by establishing guardrails, reusable patterns, and self‑service security tooling that empower engineering teams.
• Lead, mentor, and grow a high-performing security engineering team.
• Oversee secure coding practices, SAST/DAST/SCA tooling, and vulnerability management processes.
• Define API security standards including authentication, authorization, rate limiting, and data protection.
• Drive threat modeling practices across critical applications and services.
• Partner with engineering and development teams to remediate risks and improve secure design patterns.
• Embed automated security controls into CI/CD pipelines.
• Champion developer-first security tooling and workflows
• Partner with DevOps teams to ensure secure infrastructure-as-code (IaC) practices.
• Measure and improve security posture through pipeline metrics and KPIs.
• Define and maintain secure SDLC policies, standards, and control frameworks.
• Establish secure design and architecture requirements for new systems.
• Ensure alignment with regulatory and compliance requirements (e.g., SOC 2, ISO 27001, NIST).
• Lead security reviews and design approvals for critical initiatives.
• Design and implement role-based and just-in-time developer security training programs.
• Build secure coding guidelines and internal knowledge resources.
• Drive security awareness and culture across engineering teams.
• Partner with leadership to ensure adoption and accountability.
• Define KPIs and KRIs for application and DevSecOps security maturity.
• Report on risk posture, vulnerabilities, and program effectiveness to executive leadership.
• Continuously assess and improve tooling, processes, and coverage.

What we're looking for

• 10+ years of experience in cybersecurity with a strong focus on application security and DevSecOps.
• 5+ years in a leadership or director-level role managing teams.
• Deep expertise in secure SDLC, application security testing (SAST, DAST, SCA), and API security.
• Experience integrating security into CI/CD pipelines and cloud-native environments (AWS, Azure, or GCP).
• Experience with container security, Kubernetes security, serverless security concepts and delivery.
• Strong knowledge of modern architectures (microservices, containers, Kubernetes).
• Proven experience building security programs and influencing engineering culture.

What you should expect in this role

• Fully Remote Opportunity – Work from anywhere in the U.S. 
• Minimal Travel Required – Occasional travel opportunities (0-20%). 
• Video cameras must be used during all interviews, as well as during the initial week of orientation.

The deadline to submit applications for this posting is June 5, 2026.