FREE ACCESS
5,000–10,000 jobs/day
See all jobs on JobTailor
Search thousands of fresh jobs every day.
Discover
- Fresh listings
- Fast filters
- No subscription required
Create a free account and start exploring right away.
Director of Application and DevSecOps Security
Gainwell TechnologiesDirector of Application & DevSecOps Security leading secure software development practices at Gainwell Technologies. Collaborating across teams to ensure integrated security in development lifecycles.
Tech Stack
Tools & technologiesAWSAzureCloudCyber SecurityGoogle Cloud PlatformKubernetesMicroservicesSDLC
About the role
Key responsibilities & impact- Define and lead the enterprise Application Security and DevSecOps strategy aligned to business objectives
- Build and mature a shift-left security program integrated into CI/CD pipelines
- Establish and implement roadmap for API security, including governance, discovery, and runtime protection
- Balance governance with enablement by establishing guardrails, reusable patterns, and self-service security tooling that empower engineering teams
- Lead, mentor, and grow a high-performing security engineering team
- Oversee secure coding practices, SAST/DAST/SCA tooling, and vulnerability management processes
- Define API security standards including authentication, authorization, rate limiting, and data protection
- Drive threat modeling practices across critical applications and services
- Partner with engineering and development teams to remediate risks and improve secure design patterns
- Embed automated security controls into CI/CD pipelines
- Champion developer-first security tooling and workflows
- Partner with DevOps teams to ensure secure infrastructure-as-code (IaC) practices
- Measure and improve security posture through pipeline metrics and KPIs
- Define and maintain secure SDLC policies, standards, and control frameworks
- Establish secure design and architecture requirements for new systems
- Ensure alignment with regulatory and compliance requirements (e.g., SOC 2, ISO 27001, NIST)
- Lead security reviews and design approvals for critical initiatives
- Design and implement role-based and just-in-time developer security training programs
- Build secure coding guidelines and internal knowledge resources
- Drive security awareness and culture across engineering teams
- Partner with leadership to ensure adoption and accountability
- Define KPIs and KRIs for application and DevSecOps security maturity
- Report on risk posture, vulnerabilities, and program effectiveness to executive leadership
- Continuously assess and improve tooling, processes, and coverage
Requirements
What you’ll need- 10+ years of experience in cybersecurity with a strong focus on application security and DevSecOps
- 5+ years in a leadership or director-level role managing teams
- Deep expertise in secure SDLC, application security testing (SAST, DAST, SCA), and API security
- Experience integrating security into CI/CD pipelines and cloud-native environments (AWS, Azure, or GCP)
- Experience with container security, Kubernetes security, serverless security concepts and delivery
- Strong knowledge of modern architectures (microservices, containers, Kubernetes)
- Proven experience building security programs and influencing engineering culture
Benefits
Comp & perks- flexible vacation policy
- educational assistance
- comprehensive health benefits
- 401(k) employer match
- leadership and technical development academies
ATS Keywords
✓ Tailor your resumeApplicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
application securityDevSecOpssecure SDLCSASTDASTSCAAPI securityvulnerability managementsecurity testingcloud-native environments
Soft Skills
leadershipmentoringteam buildingcommunicationinfluencing culturecollaborationgovernanceenablementsecurity awarenessaccountability
Certifications
SOC 2ISO 27001NIST